[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Feb 5 05:54:47 UTC 2021


The branch master has been updated
       via  76624df15fef0725f28a8b9d0f31256946669b1a (commit)
       via  d82c7f3dba44b190eac80e5ddffac9a00cefd47d (commit)
       via  13e85fb3214fc5c84e30258ed56add1275b0fde3 (commit)
       via  f4a3799cc45cb986d5920403b3e0471678fee020 (commit)
      from  7dc67708c8ae6ec06c7fec34781225ed60b5e68d (commit)


- Log -----------------------------------------------------------------
commit 76624df15fef0725f28a8b9d0f31256946669b1a
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Feb 3 16:48:21 2021 +0100

    EVP: Adapt EVP_PKEY_{set1,get1}_encoded_public_key()
    
    These functions are modified to use EVP_PKEY_set_octet_string_param()
    and EVP_PKEY_get_octet_string_param() instead of evp_keymgmt_set_params()
    and evp_keymgmt_get_params().
    To accomplish this fully, EVP_PKEY_get_octet_string_param() is changed
    slightly to populate |*out_sz| with the return size, even if getting
    the params resulted in an error.
    
    We also modify EVP_PKEY_get_utf8_string_param() to match
    EVP_PKEY_get_octet_string_param()
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14056)

commit d82c7f3dba44b190eac80e5ddffac9a00cefd47d
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Feb 3 14:10:08 2021 +0100

    EVP: Modify the checks in EVP_PKEY_{set,get}_xxx_param() functions
    
    The checks of the type of EVP_PKEY were from before we had the macro
    evp_pkey_is_provided().
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14056)

commit 13e85fb3214fc5c84e30258ed56add1275b0fde3
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Feb 3 13:55:30 2021 +0100

    EVP: Adapt the other EVP_PKEY_set_xxx_param() functions
    
    They were calling evp_keymgmt_set_params() directly.  Those calls are
    changed to go through EVP_PKEY_set_params().
    
    We take the opportunity to constify these functions.  They have to
    unconstify internally for the compiler to stop complaining when
    placing those pointers in an OSSL_PARAM element, but that's still
    better than forcing the callers to do that cast.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14056)

commit f4a3799cc45cb986d5920403b3e0471678fee020
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Feb 3 13:50:23 2021 +0100

    EVP: Make EVP_PKEY_set_params() increment the dirty count
    
    When the internal key is changed, we must count it as muted, so that
    next time the affected key is considered for an operation, it gets
    re-exported to the signing provider.  In other words, this will clear
    the EVP_PKEY export cache when the next export attempt occurs.
    
    This also updates evp_keymgmt_util_export_to_provider() to actually
    look at the dirty count for provider native origin keys, and act
    appropriately.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14056)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/keymgmt_lib.c              |  31 +++--
 crypto/evp/p_lib.c                    | 207 +++++++++++++++-------------------
 doc/man3/EVP_PKEY_gettable_params.pod |  11 +-
 doc/man3/EVP_PKEY_settable_params.pod |   9 +-
 include/openssl/evp.h                 |  10 +-
 util/libcrypto.num                    |   1 +
 6 files changed, 134 insertions(+), 135 deletions(-)

diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 0c643b3b49..0112036263 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -101,15 +101,22 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
     if (pk->keymgmt == keymgmt)
         return pk->keydata;
 
-    /* If this key is already exported to |keymgmt|, no more to do */
     CRYPTO_THREAD_read_lock(pk->lock);
-    i = evp_keymgmt_util_find_operation_cache_index(pk, keymgmt);
-    if (i < OSSL_NELEM(pk->operation_cache)
-        && pk->operation_cache[i].keymgmt != NULL) {
-        void *ret = pk->operation_cache[i].keydata;
+    /*
+     * If the provider native "origin" hasn't changed since last time, we
+     * try to find our keymgmt in the operation cache.  If it has changed,
+     * |i| remains zero, and we will clear the cache further down.
+     */
+    if (pk->dirty_cnt == pk->dirty_cnt_copy) {
+        /* If this key is already exported to |keymgmt|, no more to do */
+        i = evp_keymgmt_util_find_operation_cache_index(pk, keymgmt);
+        if (i < OSSL_NELEM(pk->operation_cache)
+            && pk->operation_cache[i].keymgmt != NULL) {
+            void *ret = pk->operation_cache[i].keydata;
 
-        CRYPTO_THREAD_unlock(pk->lock);
-        return ret;
+            CRYPTO_THREAD_unlock(pk->lock);
+            return ret;
+        }
     }
     CRYPTO_THREAD_unlock(pk->lock);
 
@@ -177,12 +184,22 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
         return ret;
     }
 
+    /*
+     * If the dirty counter changed since last time, then clear the
+     * operation cache.  In that case, we know that |i| is zero.
+     */
+    if (pk->dirty_cnt != pk->dirty_cnt_copy)
+        evp_keymgmt_util_clear_operation_cache(pk, 0);
+
     /* Add the new export to the operation cache */
     if (!evp_keymgmt_util_cache_keydata(pk, i, keymgmt, import_data.keydata)) {
         evp_keymgmt_freedata(keymgmt, import_data.keydata);
         return NULL;
     }
 
+    /* Synchronize the dirty count */
+    pk->dirty_cnt_copy = pk->dirty_cnt;
+
     CRYPTO_THREAD_unlock(pk->lock);
 
     return import_data.keydata;
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 558f378168..106830bfbb 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1298,17 +1298,11 @@ int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid)
 int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub,
                                      size_t publen)
 {
-    if (pkey->ameth == NULL) {
-        OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
-
-        if (pkey->keymgmt == NULL || pkey->keydata == NULL)
-            return 0;
-
-        params[0] =
-            OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
-                                              (unsigned char *)pub, publen);
-        return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
-    }
+    if (pkey != NULL && evp_pkey_is_provided(pkey))
+        return
+            EVP_PKEY_set_octet_string_param(pkey,
+                                            OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
+                                            (unsigned char *)pub, publen);
 
     if (publen > INT_MAX)
         return 0;
@@ -1323,29 +1317,28 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub)
 {
     int rv;
 
-    if (pkey->ameth == NULL) {
-        OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
-
-        if (pkey->keymgmt == NULL || pkey->keydata == NULL)
-            return 0;
+    if (pkey != NULL && evp_pkey_is_provided(pkey)) {
+        size_t return_size = OSSL_PARAM_UNMODIFIED;
 
-        params[0] =
-            OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
-                                              NULL, 0);
-        if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params))
+        /*
+         * We know that this is going to fail, but it will give us a size
+         * to allocate.
+         */
+        EVP_PKEY_get_octet_string_param(pkey,
+                                        OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
+                                        NULL, 0, &return_size);
+        if (return_size == OSSL_PARAM_UNMODIFIED)
             return 0;
 
-        *ppub = OPENSSL_malloc(params[0].return_size);
+        *ppub = OPENSSL_malloc(return_size);
         if (*ppub == NULL)
             return 0;
 
-        params[0] =
-            OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
-                                              *ppub, params[0].return_size);
-        if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params))
+        if (!EVP_PKEY_get_octet_string_param(pkey,
+                                             OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
+                                             *ppub, return_size, NULL))
             return 0;
-
-        return params[0].return_size;
+        return return_size;
     }
 
 
@@ -1995,15 +1988,6 @@ int evp_pkey_downgrade(EVP_PKEY *pk)
 }
 #endif  /* FIPS_MODULE */
 
-const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey)
-{
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL)
-        return 0;
-    return EVP_KEYMGMT_gettable_params(pkey->keymgmt);
-}
-
 int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
                           BIGNUM **bn)
 {
@@ -2013,17 +1997,16 @@ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
     unsigned char *buf = NULL;
     size_t buf_sz = 0;
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL
-        || bn == NULL)
+    if (key_name == NULL
+        || bn == NULL
+        || pkey == NULL
+        || !evp_pkey_is_provided(pkey))
         return 0;
 
     memset(buffer, 0, sizeof(buffer));
     params[0] = OSSL_PARAM_construct_BN(key_name, buffer, sizeof(buffer));
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) {
+    if (!EVP_PKEY_get_params(pkey, params)) {
         if (!OSSL_PARAM_modified(params) || params[0].return_size == 0)
             return 0;
         buf_sz = params[0].return_size;
@@ -2037,7 +2020,7 @@ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
         params[0].data = buf;
         params[0].data_size = buf_sz;
 
-        if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params))
+        if (!EVP_PKEY_get_params(pkey, params))
             goto err;
     }
     /* Fail if the param was not found */
@@ -2054,21 +2037,20 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
                                     size_t *out_sz)
 {
     OSSL_PARAM params[2];
+    int ret1 = 0, ret2 = 0;
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL
+        || pkey == NULL
+        || !evp_pkey_is_provided(pkey))
         return 0;
 
     params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, max_buf_sz);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
-        || !OSSL_PARAM_modified(params))
-        return 0;
-    if (out_sz != NULL)
+    if ((ret1 = EVP_PKEY_get_params(pkey, params)))
+        ret2 = OSSL_PARAM_modified(params);
+    if (ret2 && out_sz != NULL)
         *out_sz = params[0].return_size;
-    return 1;
+    return ret1 && ret2;
 }
 
 int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
@@ -2076,21 +2058,18 @@ int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
                                     size_t *out_sz)
 {
     OSSL_PARAM params[2];
+    int ret1 = 0, ret2 = 0;
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL)
         return 0;
 
     params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, max_buf_sz);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
-        || !OSSL_PARAM_modified(params))
-        return 0;
-    if (out_sz != NULL)
+    if ((ret1 = EVP_PKEY_get_params(pkey, params)))
+        ret2 = OSSL_PARAM_modified(params);
+    if (ret2 && out_sz != NULL)
         *out_sz = params[0].return_size;
-    return 1;
+    return ret1 && ret2;
 }
 
 int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
@@ -2098,18 +2077,13 @@ int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
 {
     OSSL_PARAM params[2];
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL)
         return 0;
 
     params[0] = OSSL_PARAM_construct_int(key_name, out);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
-        || !OSSL_PARAM_modified(params))
-        return 0;
-    return 1;
+    return EVP_PKEY_get_params(pkey, params)
+        && OSSL_PARAM_modified(params);
 }
 
 int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
@@ -2117,61 +2091,50 @@ int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
 {
     OSSL_PARAM params[2];
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL)
         return 0;
 
     params[0] = OSSL_PARAM_construct_size_t(key_name, out);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
-        || !OSSL_PARAM_modified(params))
-        return 0;
-    return 1;
+    return EVP_PKEY_get_params(pkey, params)
+        && OSSL_PARAM_modified(params);
 }
 
 int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in)
 {
     OSSL_PARAM params[2];
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL)
         return 0;
 
     params[0] = OSSL_PARAM_construct_int(key_name, &in);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
 int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in)
 {
     OSSL_PARAM params[2];
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL)
         return 0;
 
     params[0] = OSSL_PARAM_construct_size_t(key_name, &in);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
-int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn)
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name,
+                          const BIGNUM *bn)
 {
     OSSL_PARAM params[2];
     unsigned char buffer[2048];
     int bsize = 0;
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL
-        || bn == NULL)
+    if (key_name == NULL
+        || bn == NULL
+        || pkey == NULL
+        || !evp_pkey_is_provided(pkey))
         return 0;
 
     bsize = BN_num_bytes(bn);
@@ -2182,57 +2145,65 @@ int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn)
         return 0;
     params[0] = OSSL_PARAM_construct_BN(key_name, buffer, bsize);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
 int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
-                                   char *str)
+                                   const char *str)
 {
     OSSL_PARAM params[2];
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL)
         return 0;
 
-    params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, 0);
+    params[0] = OSSL_PARAM_construct_utf8_string(key_name, (char *)str, 0);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
 int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
-                                    unsigned char *buf, size_t bsize)
+                                    const unsigned char *buf, size_t bsize)
 {
     OSSL_PARAM params[2];
 
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL
-        || key_name == NULL)
+    if (key_name == NULL)
         return 0;
 
-    params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, bsize);
+    params[0] = OSSL_PARAM_construct_octet_string(key_name,
+                                                  (unsigned char *)buf, bsize);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
-const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey)
+const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey)
 {
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL)
-        return 0;
-    return EVP_KEYMGMT_settable_params(pkey->keymgmt);
+    return (pkey != NULL && evp_pkey_is_provided(pkey))
+        ? EVP_KEYMGMT_settable_params(pkey->keymgmt)
+        : NULL;
 }
 
 int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[])
 {
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL)
+    if (pkey == NULL)
         return 0;
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+
+    pkey->dirty_cnt++;
+    return evp_pkey_is_provided(pkey)
+        && evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey)
+{
+    return (pkey != NULL && evp_pkey_is_provided(pkey))
+        ? EVP_KEYMGMT_gettable_params(pkey->keymgmt)
+        : NULL;
+}
+
+int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[])
+{
+    return pkey != NULL
+        && evp_pkey_is_provided(pkey)
+        && evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params);
 }
 
 #ifndef FIPS_MODULE
diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod
index 8b176f0819..7a1eaaa548 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-EVP_PKEY_gettable_params, EVP_PKEY_get_int_param, EVP_PKEY_get_size_t_param,
+EVP_PKEY_gettable_params, EVP_PKEY_get_params,
+EVP_PKEY_get_int_param, EVP_PKEY_get_size_t_param,
 EVP_PKEY_get_bn_param, EVP_PKEY_get_utf8_string_param,
 EVP_PKEY_get_octet_string_param
 - retrieve key parameters from a key
@@ -12,6 +13,7 @@ EVP_PKEY_get_octet_string_param
  #include <openssl/evp.h>
 
  const OSSL_PARAM *EVP_PKEY_gettable_params(EVP_PKEY *pkey);
+ int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]);
  int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
                             int *out);
  int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
@@ -27,6 +29,10 @@ EVP_PKEY_get_octet_string_param
 
 =head1 DESCRIPTION
 
+EVP_PKEY_get_params() retrieves parameters from the key I<pkey>, according to
+the contents of I<params>.
+See L<OSSL_PARAM(3)> for information about parameters.
+
 EVP_PKEY_gettable_params() returns a constant list of I<params> indicating
 the names and types of key parameters that can be retrieved.
 See L<OSSL_PARAM(3)> for information about parameters.
@@ -61,7 +67,8 @@ All other methods return 1 if a value associated with the key's I<key_name> was
 successfully returned, or 0 if there was an error.
 An error may be returned by methods EVP_PKEY_get_utf8_string_param() and
 EVP_PKEY_get_octet_string_param() if I<max_buf_sz> is not big enough to hold the
-value.
+value.  If I<out_sz> is not NULL, I<*out_sz> will be assigned the required
+buffer size to hold the value.
 
 =head1 EXAMPLES
 
diff --git a/doc/man3/EVP_PKEY_settable_params.pod b/doc/man3/EVP_PKEY_settable_params.pod
index a33eadc8fc..6760818cda 100644
--- a/doc/man3/EVP_PKEY_settable_params.pod
+++ b/doc/man3/EVP_PKEY_settable_params.pod
@@ -11,15 +11,16 @@ EVP_PKEY_set_utf8_string_param, EVP_PKEY_set_octet_string_param
 
  #include <openssl/evp.h>
 
- const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+ const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey);
  int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
  int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
  int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
- int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+ int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name,
+                           const BIGNUM *bn);
  int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
-                                    char *str);
+                                    const char *str);
  int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
-                                     unsigned char *buf, size_t bsize);
+                                     const unsigned char *buf, size_t bsize);
 
 =head1 DESCRIPTION
 
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index f5e3592c30..239b107833 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1796,6 +1796,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM param[]);
 const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx);
 const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx);
 const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey);
+int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]);
 int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
                            int *out);
 int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
@@ -1808,15 +1809,16 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
                                     unsigned char *buf, size_t max_buf_sz,
                                     size_t *out_sz);
 
-const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey);
 int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
 int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
 int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
-int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name,
+                          const BIGNUM *bn);
 int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
-                                   char *str);
+                                   const char *str);
 int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
-                                    unsigned char *buf, size_t bsize);
+                                    const unsigned char *buf, size_t bsize);
 
 int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
 int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index cbba0768b1..32e7779bce 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5298,3 +5298,4 @@ EVP_PKEY_set_utf8_string_param          ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_set_octet_string_param         ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_ec_point_conv_form         ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_field_type                 ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_params                     ?	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list