Discarding the const from EVP_PKEY_get0_RSA() and EVP_PKEY_get0_EC_KEY() #21438
The code base in my company (which was ported from 1.0.2 to 1.1.1 not too long ago) still has many locations where Porting to 3.1, I get compiler errors because the pointers returned by Looking at the following comments, which were added by @mattcaswell in commit 5dc6489, it seems to be safe to discard the

openssl/crypto/rsa/rsa_pmeth.c Lines 142 to 146 in 66f61ec
Lines 110 to 115 in 66f61ec

Is it true that it is safe to discard the const for low level signing operations also in application code under the assumption that only OpenSSL providers (default, fips, legacy) are used?

RSA *rsa = (RSA*)EVP_PKEY_get0_RSA(rsaKey);
EC_KEY *ec = (EC_KEY*)EVP_PKEY_get0_EC_KEY(ecKey);
Replies: 1 comment
Yes it should be fine. The main point to realise is that any changes made to a low level key won't be reflected back in the provider side key. I haven't gone through the various RSA_* functions to see why they are currently non-const - but it is likely to be related to caching of BN_BLINDING. Just don't go making changes to the various params p, q, etc and expect those updates to be reflected back in the provider side key.