Dev news

Commit 14819cf8bf for openssl.org

commit 14819cf8bf79da78fa8aaefdf0aecb1dcaaa38f7
Author: Milan Broz <gmazyland@gmail.com>
Date:   Tue Jan 20 15:40:18 2026 +0100

    Fix const spec in providers

    This patch fixes several const specifiers
    (visible with non-default const-qual warning).

    Signed-off-by: Milan Broz <gmazyland@gmail.com>

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    MergeDate: Tue Feb  3 14:12:00 2026
    (Merged from https://github.com/openssl/openssl/pull/29798)

diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index bc7e77bf1f..c8c907a613 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -17,8 +17,8 @@
  */

 /* Macros to build Self test data */
-#define ITM(x) ((void *)&x), sizeof(x)
-#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1)
+#define ITM(x) ((const void *)&x), sizeof(x)
+#define ITM_STR(x) ((const void *)&x), (sizeof(x) - 1)

 #define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
 #define ST_KAT_PARAM_BIGNUM(name, data)                                        \
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
index d0b6ae4b07..4fd4d42919 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
@@ -180,7 +180,7 @@ static int aes_gcm_siv_encrypt(PROV_AES_GCM_SIV_CTX *ctx, const unsigned char *i
         ossl_polyval_ghash_hash(ctx->Htable, S_s, ctx->aad, UP16(ctx->aad_len));
     }
     if (DOWN16(len) > 0)
-        ossl_polyval_ghash_hash(ctx->Htable, S_s, (uint8_t *)in, DOWN16(len));
+        ossl_polyval_ghash_hash(ctx->Htable, S_s, in, DOWN16(len));
     if (!IS16(len)) {
         /* deal with padding - probably easier to memset the padding first rather than calculate */
         memset(padding, 0, sizeof(padding));
diff --git a/providers/implementations/ciphers/cipher_chacha20_hw.c b/providers/implementations/ciphers/cipher_chacha20_hw.c
index 4d55f9bf82..8748aac829 100644
--- a/providers/implementations/ciphers/cipher_chacha20_hw.c
+++ b/providers/implementations/ciphers/cipher_chacha20_hw.c
@@ -119,5 +119,5 @@ static const PROV_CIPHER_HW_CHACHA20 chacha20_hw = {

 const PROV_CIPHER_HW *ossl_prov_cipher_hw_chacha20(size_t keybits)
 {
-    return (PROV_CIPHER_HW *)&chacha20_hw;
+    return (const PROV_CIPHER_HW *)&chacha20_hw;
 }
diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
index 733547a7e7..aa3e08fc84 100644
--- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
+++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
@@ -406,5 +406,5 @@ static const PROV_CIPHER_HW_CHACHA20_POLY1305 chacha20poly1305_hw = {

 const PROV_CIPHER_HW *ossl_prov_cipher_hw_chacha20_poly1305(size_t keybits)
 {
-    return (PROV_CIPHER_HW *)&chacha20poly1305_hw;
+    return (const PROV_CIPHER_HW *)&chacha20poly1305_hw;
 }
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
index 4b7dbb7458..d8a003ca42 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
@@ -29,7 +29,7 @@
 #define RC4_HMAC_MD5_IV_BITS 0
 #define RC4_HMAC_MD5_MODE 0

-#define GET_HW(ctx) ((PROV_CIPHER_HW_RC4_HMAC_MD5 *)ctx->base.hw)
+#define GET_HW(ctx) ((const PROV_CIPHER_HW_RC4_HMAC_MD5 *)ctx->base.hw)

 static OSSL_FUNC_cipher_encrypt_init_fn rc4_hmac_md5_einit;
 static OSSL_FUNC_cipher_decrypt_init_fn rc4_hmac_md5_dinit;
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
index c3fae599dd..6d46606737 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
@@ -227,5 +227,5 @@ static const PROV_CIPHER_HW_RC4_HMAC_MD5 rc4_hmac_md5_hw = {

 const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc4_hmac_md5(size_t keybits)
 {
-    return (PROV_CIPHER_HW *)&rc4_hmac_md5_hw;
+    return (const PROV_CIPHER_HW *)&rc4_hmac_md5_hw;
 }
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index e87532a75d..20b26e7024 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -443,7 +443,7 @@ static int ecx_to_text(BIO *out, const void *key, int selection)
 #ifndef OPENSSL_NO_ML_KEM
 static int ml_kem_to_text(BIO *out, const void *vkey, int selection)
 {
-    return ossl_ml_kem_key_to_text(out, (ML_KEM_KEY *)vkey, selection);
+    return ossl_ml_kem_key_to_text(out, (const ML_KEM_KEY *)vkey, selection);
 }
 #endif

@@ -452,7 +452,7 @@ static int ml_kem_to_text(BIO *out, const void *vkey, int selection)
 #ifndef OPENSSL_NO_SLH_DSA
 static int slh_dsa_to_text(BIO *out, const void *key, int selection)
 {
-    return ossl_slh_dsa_key_to_text(out, (SLH_DSA_KEY *)key, selection);
+    return ossl_slh_dsa_key_to_text(out, (const SLH_DSA_KEY *)key, selection);
 }
 #endif /* OPENSSL_NO_SLH_DSA */

@@ -618,7 +618,7 @@ err:
 #ifndef OPENSSL_NO_ML_DSA
 static int ml_dsa_to_text(BIO *out, const void *key, int selection)
 {
-    return ossl_ml_dsa_key_to_text(out, (ML_DSA_KEY *)key, selection);
+    return ossl_ml_dsa_key_to_text(out, (const ML_DSA_KEY *)key, selection);
 }
 #endif /* OPENSSL_NO_ML_DSA */
 /* ---------------------------------------------------------------------- */
diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c
index cef684b80c..0ab44f7f11 100644
--- a/providers/implementations/signature/mac_legacy_sig.c
+++ b/providers/implementations/signature/mac_legacy_sig.c
@@ -110,11 +110,11 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
     }

     if (pmacctx->key->cipher.cipher != NULL)
-        ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher);
+        ciphername = EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher);

     if (!ossl_prov_set_macctx(pmacctx->macctx,
-            (char *)ciphername,
-            (char *)mdname,
+            ciphername,
+            mdname,
             pmacctx->key->properties, params))
         return 0;