The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13201)
* FFC pairwise check from SP800-56A R3.
* Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
*/
* FFC pairwise check from SP800-56A R3.
* Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
*/
-int dh_check_pairwise(DH *dh)
+int dh_check_pairwise(const DH *dh)
{
int ret = 0;
BN_CTX *ctx = NULL;
{
int ret = 0;
BN_CTX *ctx = NULL;
-int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key,
+int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
BIGNUM *pub_key)
{
int ret = 0;
BIGNUM *pub_key)
{
int ret = 0;
return 0;
if (dh->flags & DH_FLAG_CACHE_MONT_P) {
return 0;
if (dh->flags & DH_FLAG_CACHE_MONT_P) {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- dh->lock, dh->params.p, ctx);
+ /*
+ * We take the input DH as const, but we lie, because in some cases we
+ * want to get a hold of its Montgomery context.
+ *
+ * We cast to remove the const qualifier in this case, it should be
+ * fine...
+ */
+ BN_MONT_CTX **pmont = (BN_MONT_CTX **)&dh->method_mont_p;
+
+ mont = BN_MONT_CTX_set_locked(pmont, dh->lock, dh->params.p, ctx);
if (mont == NULL)
goto err;
}
if (mont == NULL)
goto err;
}
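Review bot: The added cast `BN_MONT_CTX **pmont = (BN_MONT_CTX **)&dh->method_mont_p;` lets dh_generate_public_key() write to an object its new signature declares read-only, and the comment's "it should be fine..." does not state the invariant that makes this safe. On the visible lines the only write goes through BN_MONT_CTX_set_locked() with `dh->lock`, and only when DH_FLAG_CACHE_MONT_P is set, so the comment should say exactly that, e.g. `/* method_mont_p is a lazily filled cache; it is only written by BN_MONT_CTX_set_locked() under dh->lock */`. It should also say that a DH object that was itself defined const must never reach this path, because modifying it through the cast would be undefined behaviour. dh_check_pairwise() now takes `const DH *` as well and presumably calls into here, so a "read-only" validation may still populate the cache concurrently; the function body continues outside the hunk, so the remaining uses of `dh` could not be checked.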
int OSSL_FUNC_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection);
/* Key object validation */
int OSSL_FUNC_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection);
/* Key object validation */
- int OSSL_FUNC_keymgmt_validate(void *keydata, int selection);
+ int OSSL_FUNC_keymgmt_validate(const void *keydata, int selection);
int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
BN_GENCB *cb);
int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
BN_GENCB *cb);
-int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key,
+int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
BIGNUM *pub_key);
int dh_get_named_group_uid_from_size(int pbits);
const char *dh_gen_type_id2name(int id);
BIGNUM *pub_key);
int dh_get_named_group_uid_from_size(int pbits);
const char *dh_gen_type_id2name(int id);
int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
-int dh_check_pairwise(DH *dh);
+int dh_check_pairwise(const DH *dh);
const DH_METHOD *dh_get_method(const DH *dh);
const DH_METHOD *dh_get_method(const DH *dh);
/* Key checks - validation */
# define OSSL_FUNC_KEYMGMT_VALIDATE 22
/* Key checks - validation */
# define OSSL_FUNC_KEYMGMT_VALIDATE 22
-OSSL_CORE_MAKE_FUNC(int, keymgmt_validate, (void *keydata, int selection))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_validate, (const void *keydata, int selection))
/* Key checks - matching */
# define OSSL_FUNC_KEYMGMT_MATCH 23
/* Key checks - matching */
# define OSSL_FUNC_KEYMGMT_MATCH 23
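Review bot: The new `const void *keydata` in `OSSL_CORE_MAKE_FUNC(int, keymgmt_validate, ...)` changes the function-pointer type that providers implement, but nothing next to the macro records what the qualifier promises. A provider whose validate function is still declared with `void *keydata` would presumably keep compiling if it stores the pointer through a cast in its dispatch table, and would then be called through a differently typed pointer. I would add a comment above the macro such as `/* keydata is read-only: implementations must not modify the key object */` and mention the prototype change in the release notes for provider authors.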
-static int dh_validate_public(DH *dh)
+static int dh_validate_public(const DH *dh)
{
const BIGNUM *pub_key = NULL;
{
const BIGNUM *pub_key = NULL;
return DH_check_pub_key_ex(dh, pub_key);
}
return DH_check_pub_key_ex(dh, pub_key);
}
-static int dh_validate_private(DH *dh)
+static int dh_validate_private(const DH *dh)
{
int status = 0;
const BIGNUM *priv_key = NULL;
{
int status = 0;
const BIGNUM *priv_key = NULL;
return dh_check_priv_key(dh, priv_key, &status);;
}
return dh_check_priv_key(dh, priv_key, &status);;
}
-static int dh_validate(void *keydata, int selection)
+static int dh_validate(const void *keydata, int selection)
+ const DH *dh = keydata;
int ok = 0;
if (!ossl_prov_is_running())
int ok = 0;
if (!ossl_prov_is_running())
-static int dsa_validate_domparams(DSA *dsa)
+static int dsa_validate_domparams(const DSA *dsa)
{
int status = 0;
return dsa_check_params(dsa, &status);
}
{
int status = 0;
return dsa_check_params(dsa, &status);
}
-static int dsa_validate_public(DSA *dsa)
+static int dsa_validate_public(const DSA *dsa)
{
int status = 0;
const BIGNUM *pub_key = NULL;
{
int status = 0;
const BIGNUM *pub_key = NULL;
return dsa_check_pub_key(dsa, pub_key, &status);
}
return dsa_check_pub_key(dsa, pub_key, &status);
}
-static int dsa_validate_private(DSA *dsa)
+static int dsa_validate_private(const DSA *dsa)
{
int status = 0;
const BIGNUM *priv_key = NULL;
{
int status = 0;
const BIGNUM *priv_key = NULL;
return dsa_check_priv_key(dsa, priv_key, &status);
}
return dsa_check_priv_key(dsa, priv_key, &status);
}
-static int dsa_validate(void *keydata, int selection)
+static int dsa_validate(const void *keydata, int selection)
+ const DSA *dsa = keydata;
int ok = 0;
if (!ossl_prov_is_running())
int ok = 0;
if (!ossl_prov_is_running())
-int ec_validate(void *keydata, int selection)
+int ec_validate(const void *keydata, int selection)
+ const EC_KEY *eck = keydata;
int ok = 0;
BN_CTX *ctx = NULL;
int ok = 0;
BN_CTX *ctx = NULL;
-static int rsa_validate(void *keydata, int selection)
+static int rsa_validate(const void *keydata, int selection)
+ const RSA *rsa = keydata;
int ok = 0;
if (!ossl_prov_is_running())
int ok = 0;
if (!ossl_prov_is_running())