From c4796c92e0aced2342ed5687201aea07189c3bc1 Mon Sep 17 00:00:00 2001 From: Matthew Braithwaite Date: Thu, 16 Feb 2017 16:49:54 -0800 Subject: [PATCH] ECDSA: const EC_KEY* arguments where possible. Change-Id: Ic4bdad4631d603a9944312e13997ec98739a45ab Reviewed-on: https://boringssl-review.googlesource.com/13924 Commit-Queue: Matt Braithwaite CQ-Verified: CQ bot account: commit-bot@chromium.org Reviewed-by: Matt Braithwaite --- crypto/ecdsa/ecdsa.c | 20 +++++++++++--------- include/openssl/ecdsa.h | 16 ++++++++-------- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/crypto/ecdsa/ecdsa.c b/crypto/ecdsa/ecdsa.c index 34320819..e1a0525f 100644 --- a/crypto/ecdsa/ecdsa.c +++ b/crypto/ecdsa/ecdsa.c @@ -66,9 +66,10 @@ int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, - unsigned int *sig_len, EC_KEY *eckey) { + unsigned int *sig_len, const EC_KEY *eckey) { if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) { - return eckey->ecdsa_meth->sign(digest, digest_len, sig, sig_len, eckey); + return eckey->ecdsa_meth->sign(digest, digest_len, sig, sig_len, + (EC_KEY*) eckey /* cast away const */); } return ECDSA_sign_ex(type, digest, digest_len, sig, sig_len, NULL, NULL, @@ -76,7 +77,7 @@ int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, } int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len, - const uint8_t *sig, size_t sig_len, EC_KEY *eckey) { + const uint8_t *sig, size_t sig_len, const EC_KEY *eckey) { ECDSA_SIG *s; int ret = 0; uint8_t *der = NULL; @@ -133,12 +134,12 @@ static int digest_to_bn(BIGNUM *out, const uint8_t *digest, size_t digest_len, } ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest, size_t digest_len, - EC_KEY *key) { + const EC_KEY *key) { return ECDSA_do_sign_ex(digest, digest_len, NULL, NULL, key); } int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, - const ECDSA_SIG *sig, EC_KEY *eckey) { + const ECDSA_SIG *sig, const EC_KEY *eckey) { int ret = 0; BN_CTX *ctx; BIGNUM *u1, *u2, *m, *X; @@ -224,7 +225,7 @@ err: return ret; } -static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, +static int ecdsa_sign_setup(const EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp, const uint8_t *digest, size_t digest_len) { BN_CTX *ctx = NULL; @@ -338,13 +339,14 @@ err: return ret; } -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp) { +int ECDSA_sign_setup(const EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **rp) { return ecdsa_sign_setup(eckey, ctx, kinv, rp, NULL, 0); } ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey) { + const EC_KEY *eckey) { int ok = 0; BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL; const BIGNUM *ckinv; @@ -441,7 +443,7 @@ err: int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv, - const BIGNUM *r, EC_KEY *eckey) { + const BIGNUM *r, const EC_KEY *eckey) { int ret = 0; ECDSA_SIG *s = NULL; diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index 38907447..8a158b87 100644 --- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -75,7 +75,7 @@ extern "C" { * zero otherwise. */ OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, - unsigned int *sig_len, EC_KEY *key); + unsigned int *sig_len, const EC_KEY *key); /* ECDSA_verify verifies that |sig_len| bytes from |sig| constitute a valid * signature by |key| of |digest|. (The |type| argument should be zero.) It @@ -83,7 +83,7 @@ OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest, * occurred. */ OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len, const uint8_t *sig, - size_t sig_len, EC_KEY *key); + size_t sig_len, const EC_KEY *key); /* ECDSA_size returns the maximum size of an ECDSA signature using |key|. It * returns zero on error. */ @@ -109,13 +109,13 @@ OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig); /* ECDSA_do_sign signs |digest_len| bytes from |digest| with |key| and returns * the resulting signature structure, or NULL on error. */ OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest, - size_t digest_len, EC_KEY *key); + size_t digest_len, const EC_KEY *key); /* ECDSA_do_verify verifies that |sig| constitutes a valid signature by |key| * of |digest|. It returns one on success or zero if the signature is invalid * or on error. */ OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, - const ECDSA_SIG *sig, EC_KEY *key); + const ECDSA_SIG *sig, const EC_KEY *key); /* Signing with precomputation. @@ -128,22 +128,22 @@ OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, /* ECDSA_sign_setup precomputes parts of an ECDSA signing operation. It sets * |*kinv| and |*rp| to the precomputed values and uses the |ctx| argument, if * not NULL. It returns one on success and zero otherwise. */ -OPENSSL_EXPORT int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, - BIGNUM **rp); +OPENSSL_EXPORT int ECDSA_sign_setup(const EC_KEY *eckey, BN_CTX *ctx, + BIGNUM **kinv, BIGNUM **rp); /* ECDSA_do_sign_ex is the same as |ECDSA_do_sign| but takes precomputed values * as generated by |ECDSA_sign_setup|. */ OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, const BIGNUM *kinv, const BIGNUM *rp, - EC_KEY *eckey); + const EC_KEY *eckey); /* ECDSA_sign_ex is the same as |ECDSA_sign| but takes precomputed values as * generated by |ECDSA_sign_setup|. */ OPENSSL_EXPORT int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv, - const BIGNUM *rp, EC_KEY *eckey); + const BIGNUM *rp, const EC_KEY *eckey); /* ASN.1 functions. */