Commit f18816261e for openssl.org
commit f18816261e3bf106fa240706cbf797c4a2a5184a
Author: Bob Beck <beck@openssl.org>
Date: Mon Sep 29 15:32:39 2025 -0600
Constify the return value of X509_get0_pubkey_bitstr()
Part of #28654
Fixes: https://github.com/openssl/project/issues/1772
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29434)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 9c55fecd4f..b86d14f56c 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -981,7 +981,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
{
OCSP_CERTID *id = NULL;
const X509_NAME *iname;
- ASN1_BIT_STRING *ikey;
+ const ASN1_BIT_STRING *ikey;
ASN1_INTEGER *sno;
if (issuer == NULL) {
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index b8f3bdccc0..49a620a076 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -24,7 +24,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
{
const X509_NAME *iname;
const ASN1_INTEGER *serial;
- ASN1_BIT_STRING *ikey;
+ const ASN1_BIT_STRING *ikey;
if (!dgst)
dgst = EVP_sha1();
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 0c43c50fe6..7c866eec76 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -204,7 +204,7 @@ int X509_ocspid_print(BIO *bp, const X509 *x)
int derlen;
int i;
unsigned char SHA1md[SHA_DIGEST_LENGTH];
- ASN1_BIT_STRING *keybstr;
+ const ASN1_BIT_STRING *keybstr;
const X509_NAME *subj;
EVP_MD *md = NULL;
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 1de8274c28..5c609f6048 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -488,7 +488,7 @@ int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey)
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
- ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
+ const ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
if (key == NULL)
return 0;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 301e3261ab..56b8da3321 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -1028,7 +1028,7 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
return 1;
}
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+const ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
{
if (x == NULL)
return NULL;
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 9c99332fee..0366320992 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -695,7 +695,7 @@ void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
const ASN1_BIT_STRING **psuid);
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+const ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
#define X509_REQ_VERSION_1 0
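Review bot: The new prototype `const ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);` is a source-level break for external callers that store the result in a non-const `ASN1_BIT_STRING *`, and none of the hunks visible here add a changelog entry or update the function's manual page. If those are not elsewhere in the pull request, they should be added so downstream users learn of the change from the release notes rather than from a compiler diagnostic. A short comment above the prototype would also state the contract the const now enforces, for example `/* Returns a pointer internal to x: do not modify or free it; valid only while x is alive. */`.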
diff --git a/test/localetest.c b/test/localetest.c
index 63871fa063..176219f009 100644
--- a/test/localetest.c
+++ b/test/localetest.c
@@ -95,7 +95,7 @@ int setup_tests(void)
char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo";
int res;
X509 *cert = NULL;
- X509_PUBKEY *cert_pubkey = NULL;
+ const X509_PUBKEY *cert_pubkey = NULL;
const unsigned char *p = der_bytes;
if (setlocale(LC_ALL, "") == NULL)
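Review bot: The change to `const X509_PUBKEY *cert_pubkey = NULL;` in `setup_tests()` does not follow from constifying `X509_get0_pubkey_bitstr()`, which returns an `ASN1_BIT_STRING`, not an `X509_PUBKEY`. It presumably belongs to another step of the same constification series (the commit says "Part of #28654"). Either move it to the commit that changes the API this variable is assigned from, or mention it in this commit message so that a later bisect or revert of this commit does not carry an unrelated test change. The rest of `setup_tests()` is outside the hunk, so the call that fills `cert_pubkey` cannot be checked from here.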