Fix constness of |gcm128_context.key|.

The key is never modified through the key pointer member, and the calling code relies on that fact for maintaining its own const-correctness. Change-Id: I63946451aa7c400cd127895a61c30d9a647b1b8c Reviewed-on: https://boringssl-review.googlesource.com/6040 Reviewed-by: Adam Langley <alangley@gmail.com>
2015-09-29 14:58:06 -10:00 · 2015-09-29 14:58:06 -10:00 · 3f3f25d8a2
commit 3f3f25d8a2
parent eca509c8da
3 changed files with 11 additions and 9 deletions
--- a/crypto/modes/gcm.c
+++ b/crypto/modes/gcm.c
@ -406,7 +406,7 @@ void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
 #endif
 #endif

-GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) {
+GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key, block128_f block) {
  GCM128_CONTEXT *ret;

  ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT));
@ -417,7 +417,8 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) {
  return ret;
 }

-void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) {
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
+                        block128_f block) {
  const union {
    long one;
    char little;
@ -642,7 +643,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const unsigned char *in,
  size_t i;
  uint64_t mlen = ctx->len.u[1];
  block128_f block = ctx->block;
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
  void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
@ -802,7 +803,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const unsigned char *in,
  size_t i;
  uint64_t mlen = ctx->len.u[1];
  block128_f block = ctx->block;
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
  void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
@ -967,7 +968,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const uint8_t *in,
  } is_endian = {1};
  unsigned int n, ctr;
  uint64_t mlen = ctx->len.u[1];
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
  void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
@ -1077,7 +1078,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const uint8_t *in,
  } is_endian = {1};
  unsigned int n, ctr;
  uint64_t mlen = ctx->len.u[1];
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
  void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
--- a/crypto/modes/internal.h
+++ b/crypto/modes/internal.h
@ -170,7 +170,7 @@ struct gcm128_context {

  unsigned int mres, ares;
  block128_f block;
-  void *key;
+  const void *key;
 };

 struct ccm128_context {
--- a/include/openssl/modes.h
+++ b/include/openssl/modes.h
@ -97,11 +97,12 @@ typedef struct gcm128_context GCM128_CONTEXT;

 /* CRYPTO_gcm128_new allocates a fresh |GCM128_CONTEXT| and calls
 * |CRYPTO_gcm128_init|. It returns the new context, or NULL on error. */
-OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key,
+                                                 block128_f block);

 /* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with the
 * given key. */
-OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key,
+OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
                                       block128_f block);

 /* CRYPTO_gcm128_setiv sets the IV (nonce) for |ctx|. */