CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/07/02 00:36:52
Modified files:
lib/libcrypto/evp: evp.h p_lib.c
Log message:
Const correct EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}()
These are safe to call concurrently and they don't modify the memory
region pointed to by the pkey - they only bump the refcount of the
key hanging off of it. The returned "legacy" key has to be handled with
care in threaded constexts, so it is handed back as non-const. This also
matches what EVP_PKEY_get0() always had.
This way our signature is identical to BoringSSL's and doesn't cause
compiler warnings in code that overuses const because one of the many
API incoherencies added by OpenSSL 3 was to turn get0 into a function
that takes and returns const while leaving get1 as it was.
dlg agrees
ok kenjiro
