Constify the return value of X509_get0_pubkey_bitstr()

Part of #28654
Fixes: https://github.com/openssl/project/issues/1772
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29434)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 9c55fecd4ffe39c9569af145979eb6e601af2536..b86d14f56c1ceb1a63e1e84fa11750206cfa408a 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -981,7 +981,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
 {
     OCSP_CERTID *id = NULL;
     const X509_NAME *iname;
-    ASN1_BIT_STRING *ikey;
+    const ASN1_BIT_STRING *ikey;
     ASN1_INTEGER *sno;
 
     if (issuer == NULL) {

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index b8f3bdccc071e8ef32644c85db8d8a9be9b18a2a..49a620a076a079744580d4dc61a90e3b599ad4b6 100644 (file)
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -24,7 +24,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
 {
     const X509_NAME *iname;
     const ASN1_INTEGER *serial;
-    ASN1_BIT_STRING *ikey;
+    const ASN1_BIT_STRING *ikey;
 
     if (!dgst)
         dgst = EVP_sha1();

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 0c43c50fe6bb7a808737ddab1b0fae1ea3d58875..7c866eec765c03053f1f66c15299c9c35d3a7526 100644 (file)
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -204,7 +204,7 @@ int X509_ocspid_print(BIO *bp, const X509 *x)
     int derlen;
     int i;
     unsigned char SHA1md[SHA_DIGEST_LENGTH];
-    ASN1_BIT_STRING *keybstr;
+    const ASN1_BIT_STRING *keybstr;
     const X509_NAME *subj;
     EVP_MD *md = NULL;
 

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 1de8274c28cf316de99654890ff7e18f5a998800..5c609f60485b53a407cd0b3b21789fe01cb28281 100644 (file)
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -488,7 +488,7 @@ int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey)
 int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
     unsigned char *md, unsigned int *len)
 {
-    ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
+    const ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
 
     if (key == NULL)
         return 0;

diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 301e3261ab4f430f924f23fab4e1d358bf6d1136..56b8da332115afa6a4274a43ff4dd776854d2e5d 100644 (file)
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -1028,7 +1028,7 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
     return 1;
 }
 
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+const ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
 {
     if (x == NULL)
         return NULL;

diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 9c99332fee5842adb3f61856eef14d6450ab38cb..0366320992dc708bf6deb89f7e49c0b2f0414b6c 100644 (file)
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -695,7 +695,7 @@ void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
     const ASN1_BIT_STRING **psuid);
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+const ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
 
 #define X509_REQ_VERSION_1 0
 

diff --git a/test/localetest.c b/test/localetest.c
index 63871fa063ce5f58bf46918768849aea415adbb2..176219f009d5494a5944298d8fa29e012984d4c7 100644 (file)
--- a/test/localetest.c
+++ b/test/localetest.c
@@ -95,7 +95,7 @@ int setup_tests(void)
     char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo";
     int res;
     X509 *cert = NULL;
-    X509_PUBKEY *cert_pubkey = NULL;
+    const X509_PUBKEY *cert_pubkey = NULL;
     const unsigned char *p = der_bytes;
 
     if (setlocale(LC_ALL, "") == NULL)