Message ID | 20210408133626.29232-1-arne@rfc2549.org |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] Ensure using const variables with EVP_PKEY_get0_* | expand |
Hi, On 08/04/2021 15:36, Arne Schwabe wrote: > These functions return const pointers in OpenSSL 3.0.0alpha14, so > our pointers should be also const to avoid casting the const away. > > Signed-off-by: Arne Schwabe <arne@rfc2549.org> Trivial change. No behaviour is expected to be modified by this. This change improves implicit code documentation (thanks to the OpenSSL devs). Compiled tested against various LibreSSL/OpenSSL versions and none complained about the const. Acked-by: Antonio Quartulli <antonio@openvpn.net>
Your patch has been applied to the master branch. I have not tested this any further, but glance-at-code looks good. commit 6fc292d2ed008a53061ce953dea6ff1e692e6723 Author: Arne Schwabe Date: Thu Apr 8 15:36:26 2021 +0200 Ensure using const variables with EVP_PKEY_get0_* Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210408133626.29232-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22081.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index cb8ac7727..a9bc342b0 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1248,12 +1248,11 @@ static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey) { RSA *rsa = NULL; - RSA *pub_rsa; RSA_METHOD *rsa_meth; ASSERT(NULL != ctx); - pub_rsa = EVP_PKEY_get0_RSA(pkey); + const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey); ASSERT(NULL != pub_rsa); /* allocate custom RSA method object */ @@ -2031,7 +2030,7 @@ print_cert_details(X509 *cert, char *buf, size_t buflen) #ifndef OPENSSL_NO_EC if (typeid == EVP_PKEY_EC && EVP_PKEY_get0_EC_KEY(pkey) != NULL) { - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); const EC_GROUP *group = EC_KEY_get0_group(ec); int nid = EC_GROUP_get_curve_name(group);
These functions return const pointers in OpenSSL 3.0.0alpha14, so our pointers should be also const to avoid casting the const away. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/ssl_openssl.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)