EVP: Adapt the other EVP_PKEY_set_xxx_param() functions

They were calling evp_keymgmt_set_params() directly. Those calls are changed to go through EVP_PKEY_set_params(). We take the opportunity to constify these functions. They have to unconstify internally for the compiler to stop complaining when placing those pointers in an OSSL_PARAM element, but that's still better than forcing the callers to do that cast. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #14056)
openssl · Feb 5, 2021 · 13e85fb · 13e85fb
1 parent f4a3799
commit 13e85fb
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 38 deletions.
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
@@ -1995,15 +1995,6 @@ int evp_pkey_downgrade(EVP_PKEY *pk)
 }
 #endif  /* FIPS_MODULE */
 
-const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey)
-{
-    if (pkey == NULL
-        || pkey->keymgmt == NULL
-        || pkey->keydata == NULL)
-        return 0;
-    return EVP_KEYMGMT_gettable_params(pkey->keymgmt);
-}
-
 int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
                           BIGNUM **bn)
 {
@@ -2023,7 +2014,7 @@ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
     memset(buffer, 0, sizeof(buffer));
     params[0] = OSSL_PARAM_construct_BN(key_name, buffer, sizeof(buffer));
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) {
+    if (!EVP_PKEY_get_params(pkey, params)) {
         if (!OSSL_PARAM_modified(params) || params[0].return_size == 0)
             return 0;
         buf_sz = params[0].return_size;
@@ -2037,7 +2028,7 @@ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
         params[0].data = buf;
         params[0].data_size = buf_sz;
 
-        if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params))
+        if (!EVP_PKEY_get_params(pkey, params))
             goto err;
     }
     /* Fail if the param was not found */
@@ -2063,7 +2054,7 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
 
     params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, max_buf_sz);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
+    if (!EVP_PKEY_get_params(pkey, params)
         || !OSSL_PARAM_modified(params))
         return 0;
     if (out_sz != NULL)
@@ -2085,7 +2076,7 @@ int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
 
     params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, max_buf_sz);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
+    if (!EVP_PKEY_get_params(pkey, params)
         || !OSSL_PARAM_modified(params))
         return 0;
     if (out_sz != NULL)
@@ -2106,10 +2097,8 @@ int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
 
     params[0] = OSSL_PARAM_construct_int(key_name, out);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
-        || !OSSL_PARAM_modified(params))
-        return 0;
-    return 1;
+    return EVP_PKEY_get_params(pkey, params)
+        && OSSL_PARAM_modified(params);
 }
 
 int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
@@ -2125,10 +2114,8 @@ int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
 
     params[0] = OSSL_PARAM_construct_size_t(key_name, out);
     params[1] = OSSL_PARAM_construct_end();
-    if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)
-        || !OSSL_PARAM_modified(params))
-        return 0;
-    return 1;
+    return EVP_PKEY_get_params(pkey, params)
+        && OSSL_PARAM_modified(params);
 }
 
 int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in)
@@ -2143,7 +2130,7 @@ int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in)
 
     params[0] = OSSL_PARAM_construct_int(key_name, &in);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
 int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in)
@@ -2158,10 +2145,11 @@ int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in)
 
     params[0] = OSSL_PARAM_construct_size_t(key_name, &in);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
-int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn)
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name,
+                          const BIGNUM *bn)
 {
     OSSL_PARAM params[2];
     unsigned char buffer[2048];
@@ -2182,11 +2170,11 @@ int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn)
         return 0;
     params[0] = OSSL_PARAM_construct_BN(key_name, buffer, bsize);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
 int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
-                                   char *str)
+                                   const char *str)
 {
     OSSL_PARAM params[2];
 
@@ -2196,13 +2184,13 @@ int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
         || key_name == NULL)
         return 0;
 
-    params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, 0);
+    params[0] = OSSL_PARAM_construct_utf8_string(key_name, (char *)str, 0);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
 int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
-                                    unsigned char *buf, size_t bsize)
+                                    const unsigned char *buf, size_t bsize)
 {
     OSSL_PARAM params[2];
 
@@ -2212,9 +2200,10 @@ int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
         || key_name == NULL)
         return 0;
 
-    params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, bsize);
+    params[0] = OSSL_PARAM_construct_octet_string(key_name,
+                                                  (unsigned char *)buf, bsize);
     params[1] = OSSL_PARAM_construct_end();
-    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+    return EVP_PKEY_set_params(pkey, params);
 }
 
 const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey)
@@ -2236,6 +2225,20 @@ int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[])
         && evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
 }
 
+const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey)
+{
+    return pkey != NULL
+        && evp_pkey_is_provided(pkey)
+        && EVP_KEYMGMT_gettable_params(pkey->keymgmt);
+}
+
+int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[])
+{
+    return pkey != NULL
+        && evp_pkey_is_provided(pkey)
+        && evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params);
+}
+
 #ifndef FIPS_MODULE
 int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey)
 {

diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-EVP_PKEY_gettable_params, EVP_PKEY_get_int_param, EVP_PKEY_get_size_t_param,
+EVP_PKEY_gettable_params, EVP_PKEY_get_params,
+EVP_PKEY_get_int_param, EVP_PKEY_get_size_t_param,
 EVP_PKEY_get_bn_param, EVP_PKEY_get_utf8_string_param,
 EVP_PKEY_get_octet_string_param
 - retrieve key parameters from a key
@@ -12,6 +13,7 @@ EVP_PKEY_get_octet_string_param
  #include <openssl/evp.h>
 
  const OSSL_PARAM *EVP_PKEY_gettable_params(EVP_PKEY *pkey);
+ int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]);
  int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
                             int *out);
  int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
@@ -27,6 +29,10 @@ EVP_PKEY_get_octet_string_param
 
 =head1 DESCRIPTION
 
+EVP_PKEY_get_params() retrieves parameters from the key I<pkey>, according to
+the contents of I<params>.
+See L<OSSL_PARAM(3)> for information about parameters.
+
 EVP_PKEY_gettable_params() returns a constant list of I<params> indicating
 the names and types of key parameters that can be retrieved.
 See L<OSSL_PARAM(3)> for information about parameters.

diff --git a/doc/man3/EVP_PKEY_settable_params.pod b/doc/man3/EVP_PKEY_settable_params.pod
@@ -15,11 +15,12 @@ EVP_PKEY_set_utf8_string_param, EVP_PKEY_set_octet_string_param
  int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
  int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
  int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
- int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+ int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name,
+                           const BIGNUM *bn);
  int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
-                                    char *str);
+                                    const char *str);
  int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
-                                     unsigned char *buf, size_t bsize);
+                                     const unsigned char *buf, size_t bsize);
 
 =head1 DESCRIPTION
 

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -1796,6 +1796,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM param[]);
 const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx);
 const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx);
 const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey);
+int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]);
 int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
                            int *out);
 int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
@@ -1812,11 +1813,12 @@ const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
 int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
 int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
 int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
-int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name,
+                          const BIGNUM *bn);
 int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
-                                   char *str);
+                                   const char *str);
 int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
-                                    unsigned char *buf, size_t bsize);
+                                    const unsigned char *buf, size_t bsize);
 
 int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
 int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);

diff --git a/util/libcrypto.num b/util/libcrypto.num
@@ -5298,3 +5298,4 @@ EVP_PKEY_set_utf8_string_param          ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_set_octet_string_param         ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_ec_point_conv_form         ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_field_type                 ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_params                     ?	3_0_0	EXIST::FUNCTION: