From a0ac6270fec4d609b595d46f3992d55e6b7ba2b8 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 7 Feb 2025 12:05:05 +0100 Subject: [PATCH] constify X509_REQ_get_X509_PUBKEY() in OpenSSL 4.0; related fixes in doc, x509.h.in, x509_req.c Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28033) --- crypto/x509/x509_req.c | 2 +- doc/man3/X509_REQ_get_extensions.pod | 4 ++++ doc/man3/X509_get_pubkey.pod | 21 ++++++++++++++------- include/openssl/x509.h.in | 11 +++++------ 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 4085b587a5e..dd75c3fb8a8 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -74,7 +74,7 @@ EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req) return X509_PUBKEY_get0(req->req_info.pubkey); } -X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req) +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(OSSL_FUTURE_CONST X509_REQ *req) { return req->req_info.pubkey; } diff --git a/doc/man3/X509_REQ_get_extensions.pod b/doc/man3/X509_REQ_get_extensions.pod index 26e2438e4f8..a50452f27b7 100644 --- a/doc/man3/X509_REQ_get_extensions.pod +++ b/doc/man3/X509_REQ_get_extensions.pod @@ -40,6 +40,10 @@ or NULL on error. X509_REQ_add_extensions() and X509_REQ_add_extensions_nid() return 1 on success, 0 on error. +=head1 HISTORY + +X509_REQ_get_extensions() was constified in OpenSSL 4.0. + =head1 COPYRIGHT Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/X509_get_pubkey.pod b/doc/man3/X509_get_pubkey.pod index c292cd3d2b3..86c1edac639 100644 --- a/doc/man3/X509_get_pubkey.pod +++ b/doc/man3/X509_get_pubkey.pod @@ -4,8 +4,8 @@ X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, -X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request -public key +X509_REQ_get_X509_PUBKEY +- get or set certificate or certificate request public key =head1 SYNOPSIS @@ -17,9 +17,9 @@ public key X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); - EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); - int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); - X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); + EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req); + int X509_REQ_set_pubkey(X509_REQ *req, EVP_PKEY *pkey); + X509_PUBKEY *X509_REQ_get_X509_PUBKEY(const X509_REQ *req); =head1 DESCRIPTION @@ -51,7 +51,7 @@ improve performance. X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), X509_REQ_get_pubkey() and X509_REQ_get_X509_PUBKEY() return a public key or -B if an error occurred. +B if no public key is present in the structure or an error occurred. X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success and 0 for failure. @@ -75,9 +75,16 @@ L, L, L +=head1 HISTORY + +X509_REQ_get0_X509_PUBKEY() was constified in OpenSSL 4.0. + +X509_get_pubkey() and X509_REQ_get_pubkey() +are deprecated but retained for backward compatibility. + =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 6887d19cd27..5428334f44f 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in @@ -670,7 +670,6 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); const ASN1_TIME *X509_get0_notAfter(const X509 *x); ASN1_TIME *X509_getm_notAfter(const X509 *x); int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); -int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); @@ -681,7 +680,9 @@ int X509_get_signature_type(const X509 *x); # define X509_set_notAfter X509_set1_notAfter #endif - +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +EVP_PKEY *X509_get_pubkey(X509 *x); /* deprecated */ +EVP_PKEY *X509_get0_pubkey(const X509 *x); /* * This one is only used so that a binary form can output, as in * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) @@ -692,8 +693,6 @@ void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, const ASN1_BIT_STRING **psuid); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); -EVP_PKEY *X509_get0_pubkey(const X509 *x); -EVP_PKEY *X509_get_pubkey(X509 *x); ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); #define X509_REQ_VERSION_1 0 @@ -709,9 +708,9 @@ int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); -EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); /* deprecated */ EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req); -X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(OSSL_FUTURE_CONST X509_REQ *req); int X509_REQ_extension_nid(int nid); int *X509_REQ_get_extension_nids(void); void X509_REQ_set_extension_nids(int *nids); -- 2.47.3