URL: https://github.com/SSSD/sssd/pull/846
Author: pbrezina
 Title: #846: crypto: unconst key in sss_encrypt and sss_decrypt
Action: opened

PR body:
"""
The key parameter was made const in 8aa0dfdf6e36fa90855c0f35a4dfa57139ad6504
but it produces errors:

```
  CC       src/util/crypto/libsss_crypt_la-sss_crypto.lo
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c: In function 
‘sss_encrypt’:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:96:38: error: 
passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer 
target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, enc, key, keylen, out, ivlen, &cctx);
                                      ^~~
In file included from 
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: 
expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const 
uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
                  ~~~~~~~~~^~~
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:133:39: error: 
passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer 
target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, hmac, key, keylen, NULL, 0, &hctx);
                                       ^~~
In file included from 
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: 
expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const 
uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
                  ~~~~~~~~~^~~
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c: In function 
‘sss_decrypt’:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:221:39: error: 
passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer 
target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, hmac, key, keylen, NULL, 0, &hctx);
                                       ^~~
In file included from 
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: 
expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const 
uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
                  ~~~~~~~~~^~~
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:268:38: error: 
passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer 
target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, enc, key, keylen, ivbuf, ivlen, &cctx);
                                      ^~~
In file included from 
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: 
expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const 
uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
```

Making the parameter const in `nss_ctx_init` as well produces another error, 
which is out of our control, so the const is removed instead.

```
In file included from 
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_util.c:33:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_util.c: In function 
‘nss_ctx_init’:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:33:19: error: 
assignment discards ‘const’ qualifier from pointer target type 
[-Werror=discarded-qualifiers]
     (sitem)->data = (sdata);    \
                   ^
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_util.c:180:13: note: in 
expansion of macro ‘MAKE_SECITEM’
             MAKE_SECITEM(key, keylen, cctx->key);
```
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/846/head:pr846
git checkout pr846
From da1ab62af7276a8bed03146889702387ddddf650 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Mon, 8 Jul 2019 11:25:33 +0200
Subject: [PATCH] crypto: unconst key in sss_encrypt and sss_decrypt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The key parameter was made const in 8aa0dfdf6e36fa90855c0f35a4dfa57139ad6504
but it produces errors:

```
  CC       src/util/crypto/libsss_crypt_la-sss_crypto.lo
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c: In function ‘sss_encrypt’:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:96:38: error: passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, enc, key, keylen, out, ivlen, &cctx);
                                      ^~~
In file included from /home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
                  ~~~~~~~~~^~~
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:133:39: error: passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, hmac, key, keylen, NULL, 0, &hctx);
                                       ^~~
In file included from /home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
                  ~~~~~~~~~^~~
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c: In function ‘sss_decrypt’:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:221:39: error: passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, hmac, key, keylen, NULL, 0, &hctx);
                                       ^~~
In file included from /home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
                  ~~~~~~~~~^~~
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:268:38: error: passing argument 3 of ‘nss_ctx_init’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
     ret = nss_ctx_init(tmp_ctx, enc, key, keylen, ivbuf, ivlen, &cctx);
                                      ^~~
In file included from /home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_nite.c:30:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:61:27: note: expected ‘uint8_t *’ {aka ‘unsigned char *’} but argument is of type ‘const uint8_t *’ {aka ‘const unsigned char *’}
                  uint8_t *key, int keylen,
```

Making the parameter const in `nss_ctx_init` as well produces another error, which is out of our control, so the const is removed instead.

```
In file included from /home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_util.c:33:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_util.c: In function ‘nss_ctx_init’:
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_crypto.h:33:19: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
     (sitem)->data = (sdata);    \
                   ^
/home/pbrezina/workspace/sssd/src/util/crypto/nss/nss_util.c:180:13: note: in expansion of macro ‘MAKE_SECITEM’
             MAKE_SECITEM(key, keylen, cctx->key);
```
---
 src/util/crypto/nss/nss_nite.c | 4 ++--
 src/util/crypto/sss_crypto.h   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/util/crypto/nss/nss_nite.c b/src/util/crypto/nss/nss_nite.c
index 46ff26570f..2ae28fd1a0 100644
--- a/src/util/crypto/nss/nss_nite.c
+++ b/src/util/crypto/nss/nss_nite.c
@@ -37,7 +37,7 @@ struct cipher_mech {
 };
 
 int sss_encrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
-                const uint8_t *key, size_t keylen,
+                uint8_t *key, size_t keylen,
                 const uint8_t *plaintext, size_t plainlen,
                 uint8_t **ciphertext, size_t *cipherlen)
 {
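Review bot: Dropping `const` from `key` in `sss_encrypt` here (and in `sss_decrypt` in the next hunk, plus both prototypes in sss_crypto.h) fixes the build by weakening the public contract, so any caller that holds its key as `const uint8_t *` will now trip the same -Werror=discarded-qualifiers. The log in the description shows the only non-const sink is the `MAKE_SECITEM(key, keylen, cctx->key)` assignment inside `nss_ctx_init`; assuming NSS only reads that buffer, an alternative is to keep the parameter const through `nss_ctx_init` and strip the qualifier once at that assignment, e.g. `MAKE_SECITEM((uint8_t *)key, keylen, cctx->key);` with a comment saying why. That keeps the guarantee that the encryption routines do not alter key material visible in the signature. The function bodies lie outside these hunks, so whether anything else writes through `key` cannot be checked from here.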
@@ -171,7 +171,7 @@ int sss_encrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
 }
 
 int sss_decrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
-                const uint8_t *key, size_t keylen,
+                uint8_t *key, size_t keylen,
                 const uint8_t *ciphertext, size_t cipherlen,
                 uint8_t **plaintext, size_t *plainlen)
 {
diff --git a/src/util/crypto/sss_crypto.h b/src/util/crypto/sss_crypto.h
index a05c10f031..f8778cdbbd 100644
--- a/src/util/crypto/sss_crypto.h
+++ b/src/util/crypto/sss_crypto.h
@@ -63,11 +63,11 @@ enum encmethod {
 };
 
 int sss_encrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
-                const uint8_t *key, size_t keylen,
+                uint8_t *key, size_t keylen,
                 const uint8_t *plaintext, size_t plainlen,
                 uint8_t **ciphertext, size_t *cipherlen);
 int sss_decrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
-                const uint8_t *key, size_t keylen,
+                uint8_t *key, size_t keylen,
                 const uint8_t *ciphertext, size_t cipherlen,
                 uint8_t **plaintext, size_t *plainlen);
 
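Review bot: With the qualifier gone, the `sss_encrypt` and `sss_decrypt` prototypes no longer tell callers whether the key buffer may be written, and this header carries no comment on it. If the key is in fact only read, say so above the declarations, for example `/* key is not modified; it is non-const only because the NSS backend stores the pointer in a SECItem */`. The header sits outside the nss/ directory, so it presumably serves other crypto backends too, which makes the stated reason worth recording.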