[Openvpn-devel] Ensure using const variables with EVP_PKEY_get0_*

Message ID 20210408133626.29232-1-arne@rfc2549.org
State Accepted
Headers show
Series
  • [Openvpn-devel] Ensure using const variables with EVP_PKEY_get0_*
Related show

Commit Message

Arne Schwabe April 8, 2021, 1:36 p.m.
These functions return const pointers in OpenSSL 3.0.0alpha14, so
our pointers should be also const to avoid casting the const away.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/ssl_openssl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Antonio Quartulli April 18, 2021, 7:20 p.m. | #1
Hi,

On 08/04/2021 15:36, Arne Schwabe wrote:
> These functions return const pointers in OpenSSL 3.0.0alpha14, so
> our pointers should be also const to avoid casting the const away.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>


Trivial change. No behaviour is expected to be modified by this.

This change improves implicit code documentation (thanks to the OpenSSL
devs).

Compiled tested against various LibreSSL/OpenSSL versions and none
complained about the const.

Acked-by: Antonio Quartulli <antonio@openvpn.net>
Gert Doering April 18, 2021, 8:05 p.m. | #2
Your patch has been applied to the master branch.

I have not tested this any further, but glance-at-code looks good.

commit 6fc292d2ed008a53061ce953dea6ff1e692e6723
Author: Arne Schwabe
Date:   Thu Apr 8 15:36:26 2021 +0200

     Ensure using const variables with EVP_PKEY_get0_*

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20210408133626.29232-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22081.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index cb8ac7727..a9bc342b0 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1248,12 +1248,11 @@  static int
 tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
 {
     RSA *rsa = NULL;
-    RSA *pub_rsa;
     RSA_METHOD *rsa_meth;
 
     ASSERT(NULL != ctx);
 
-    pub_rsa = EVP_PKEY_get0_RSA(pkey);
+    const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
     ASSERT(NULL != pub_rsa);
 
     /* allocate custom RSA method object */
@@ -2031,7 +2030,7 @@  print_cert_details(X509 *cert, char *buf, size_t buflen)
 #ifndef OPENSSL_NO_EC
     if (typeid == EVP_PKEY_EC && EVP_PKEY_get0_EC_KEY(pkey) != NULL)
     {
-        EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+        const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
         const EC_GROUP *group = EC_KEY_get0_group(ec);
 
         int nid = EC_GROUP_get_curve_name(group);