You really should not be mutating this.
Part of #28654
Fixes: https://github.com/openssl/project/issues/1771
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29428)
CMS_OtherRecipientInfo *ori;
CMS_KEMRecipientInfo *kemri;
int idtype;
- X509_PUBKEY *x_pubkey;
+ const X509_PUBKEY *x_pubkey;
X509_ALGOR *x_alg;
ri->d.ori = M_ASN1_new_of(CMS_OtherRecipientInfo);
* Issuer must not be NULL.
* Returns 1 on success, 0 on failure.
*/
-__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, X509 *issuer);
/*
* Sets the public key of the issuer of the certificate that the SCT was created
* The public key must not be NULL.
* Returns 1 on success, 0 on failure.
*/
-__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, const X509_PUBKEY *pubkey);
/*
* Sets the public key of the CT log that the SCT is from.
* Returns 1 on success, 0 on failure.
*/
__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
-
/*
* Sets the time to evaluate the SCT against, in milliseconds since the Unix
* epoch. If the SCT's timestamp is after this time, it will be interpreted as
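Review bot: `SCT_CTX_set1_issuer` loses `const` on `issuer` in this prototype (and again in its definition later in the commit), which runs against the direction of the rest of the change. The only visible use passes `issuer` to `X509_get_X509_PUBKEY`, which is declared as taking `const X509 *`, so `__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);` looks like it would still compile; if something outside the visible lines needs the mutable form, the commit message should say so. `SCT_CTX_set1_pubkey` in the same hunk keeps a non-const `X509_PUBKEY *pubkey` while its sibling `SCT_CTX_set1_issuer_pubkey` becomes const. A caller holding the pointer now returned by `X509_get_X509_PUBKEY` would have to cast the qualifier away to call it, which defeats the protection this commit adds. Its body is not shown here, so whether it can take `const X509_PUBKEY *pubkey` as well needs checking.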
return 0;
}
-__owur static int ct_public_key_hash(SCT_CTX *sctx, X509_PUBKEY *pkey,
+__owur static int ct_public_key_hash(SCT_CTX *sctx, const X509_PUBKEY *pkey,
unsigned char **hash, size_t *hash_len)
{
int ret = 0;
return ret;
}
-int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
+int SCT_CTX_set1_issuer(SCT_CTX *sctx, X509 *issuer)
{
return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
}
-int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, const X509_PUBKEY *pubkey)
{
return ct_public_key_hash(sctx, pubkey, &sctx->ihash, &sctx->ihashlen);
}
goto err;
}
if (!(cflag & X509_FLAG_NO_PUBKEY)) {
- X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
+ const X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
ASN1_OBJECT *xpoid;
X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
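Review bot: `xpoid` remains a plain `ASN1_OBJECT *` filled in from the now-const `xpkey`, so the read-only guarantee stops at `X509_PUBKEY_get0_param` and the OID inside the certificate's key is still reachable through a mutable pointer. The accessor's out-parameter type prevents declaring it const here, so a comment is the practical fix, for example `/* xpoid aliases the OID inside xpkey; treat it as read-only */` above the call. The call's return value is also ignored in the visible lines, leaving `xpoid` uninitialised if it fails; the enclosing function starts and ends outside this hunk, so that may be handled elsewhere.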
return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
}
-X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
+const X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
{
return x->cert_info.key;
}
EVP_PKEY *X509_get_pubkey(X509 *x);
EVP_PKEY *X509_get0_pubkey(const X509 *x);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
- X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+ const X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
* This one is only used so that a binary form can output, as in
* i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
*/
-X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+const X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
const ASN1_BIT_STRING **psuid);
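Review bot: The comment above `X509_get_X509_PUBKEY` still describes only the `i2d_X509_PUBKEY` use and says nothing about ownership, although the new return type now depends on it. I would add a line such as `* The returned pointer is internal to x and must not be modified or freed.` to that comment, which begins outside this hunk. This is a public prototype, so applications that assign the result to a non-const `X509_PUBKEY *` will now get a qualifier diagnostic. No changelog or migration note is visible on this page, so one is worth adding if the PR does not already carry it elsewhere.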
{
int pdata_len = 0;
unsigned char *pdata = NULL;
- X509_PUBKEY *xpk = NULL;
+ const X509_PUBKEY *xpk = NULL;
unsigned long ret = 0;
X509 *x509 = NULL;
#define ALGORITHMID_NAME "algorithm-id"
-static int test_spki_aid(X509_PUBKEY *pubkey, const char *filename)
+static int test_spki_aid(const X509_PUBKEY *pubkey, const char *filename)
{
const ASN1_OBJECT *oid;
X509_ALGOR *alg = NULL;
static int test_x509_spki_aid(X509 *cert, const char *filename)
{
- X509_PUBKEY *pubkey = X509_get_X509_PUBKEY(cert);
+ const X509_PUBKEY *pubkey = X509_get_X509_PUBKEY(cert);
return test_spki_aid(pubkey, filename);
}
OSSL_PROVIDER *prov = NULL;
X509 *cert = NULL;
BIO *bio = NULL;
- X509_PUBKEY *pubkey = NULL;
+ const X509_PUBKEY *pubkey = NULL;
EVP_KEYMGMT *keymgmt = NULL;
EVP_PKEY *pkey = NULL;
void *keydata = NULL;