Type-checked (and modern C compliant) OBJ_bsearch.

author Ben Laurie <ben@openssl.org>

Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)

committer Ben Laurie <ben@openssl.org>

Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)
author Ben Laurie <ben@openssl.org>
Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)
committer Ben Laurie <ben@openssl.org>
Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)
diff --git a/CHANGES b/CHANGES

index ecead77be9fb14273066055ac19693acf3abe0b0..0a087c149df639a0d9b3aaa2a12c589df3a2fdbf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
  
   Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
  
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.  [Ben Laurie]
+
    *) New function OPENSSL_gmtime_adj() to add a specific number of days and
       seconds to a tm structure directly, instead of going through OS
       specific date routines. This avoids any issues with OS routines such
diff --git a/Configure b/Configure

index aa396e00eb90022c7ffe6593dc97aac4b52df7fa..77b13e4c7b0d9ad32b3f0112957201c96f85ab97 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -164,6 +164,7 @@ my %table=(
  "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
  "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
  "debug-ben-debug",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-no-opt",    "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
  "debug-ben-strict",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
  "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
  "debug-bodo",  "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
diff --git a/apps/s_client.c b/apps/s_client.c

index 776196ef0871c5de849b6f29ff59a22ebf86ef43..12e5c40b7d2deef53d4a5b0f3f357a69e9d73cc9 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1531,7 +1531,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
         char buf[BUFSIZ];
         STACK_OF(X509) *sk;
         STACK_OF(X509_NAME) *sk2;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
         X509_NAME *xn;
         int j,i;
  #ifndef OPENSSL_NO_COMP
diff --git a/apps/s_server.c b/apps/s_server.c

index 27e520a9f36ed38635f2d18dd7d33abcace6af58..c95057a7f8f9f4f8541508a8cf703978b17b728c 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2182,7 +2182,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
         int ret=1;
         int i,j,k,blank,dot;
         SSL *con;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
         BIO *io,*ssl_bio,*sbio;
         long total_bytes;
  
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c

index ecf1d6004e3ac887c4be8bcf2b0c39c1958c4e51..f0d5416660963e6fd093488c8ce35deac99b3e17 100644 (file)
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
  static void st_free(ASN1_STRING_TABLE *tbl);
  static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
                         const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
  
  
  /* This is the global mask for the mbstring functions: this is use to
@@ -186,22 +185,25 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
         return (*a)->nid - (*b)->nid;
  }
  
-static int table_cmp(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
+
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
  {
-       const ASN1_STRING_TABLE *sa = a, *sb = b;
-       return sa->nid - sb->nid;
+       return a->nid - b->nid;
  }
  
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
+
  ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
  {
         int idx;
         ASN1_STRING_TABLE *ttmp;
         ASN1_STRING_TABLE fnd;
         fnd.nid = nid;
-       ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
-                                       (char *)tbl_standard, 
-                       sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-                       sizeof(ASN1_STRING_TABLE), table_cmp);
+       ttmp = OBJ_bsearch(ASN1_STRING_TABLE, &fnd,
+                          ASN1_STRING_TABLE, tbl_standard, 
+                          sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+                          table_cmp);
         if(ttmp) return ttmp;
         if(!stable) return NULL;
         idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c

index 47cbdd28d0732ed10e305139acd417ce9941bd7d..300195bf95c421dfb17387fc2e6e4b8864ed576e 100644 (file)
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -112,12 +112,18 @@ void main()
         }
  #endif
  
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
+                          const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
+
  static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
-                const EVP_PKEY_ASN1_METHOD * const *b)
+                    const EVP_PKEY_ASN1_METHOD * const *b)
         {
          return ((*a)->pkey_id - (*b)->pkey_id);
         }
  
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
+                            const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
+
  int EVP_PKEY_asn1_get_count(void)
         {
         int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
@@ -139,7 +145,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
  
  static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
         {
-       EVP_PKEY_ASN1_METHOD tmp, *t = &tmp, **ret;
+       EVP_PKEY_ASN1_METHOD tmp, *t = &tmp;
+       const EVP_PKEY_ASN1_METHOD **ret;
         tmp.pkey_id = type;
         if (app_methods)
                 {
@@ -148,11 +155,11 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
                 if (idx >= 0)
                         return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
                 }
-       ret = (EVP_PKEY_ASN1_METHOD **) OBJ_bsearch((char *)&t,
-                       (char *)standard_methods,
-                       sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *),
-                       sizeof(EVP_PKEY_ASN1_METHOD *),
-                       (int (*)(const void *, const void *))ameth_cmp);
+       ret = OBJ_bsearch(EVP_PKEY_ASN1_METHOD *, &t,
+                         const EVP_PKEY_ASN1_METHOD *, standard_methods,
+                         sizeof(standard_methods)
+                         /sizeof(EVP_PKEY_ASN1_METHOD *),
+                         ameth_cmp);
         if (!ret || !*ret)
                 return NULL;
         return *ret;
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c

index 8fecd34221c3c750daa423ffbcf6d8ce3824664e..7d6a50266abf59beebdec384f80880e570c01858 100644 (file)
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -189,10 +189,10 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         return 1;       
  }
  
-static int pbe_cmp2(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
+
+static int pbe_cmp2(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
         {
-       const EVP_PBE_CTL *pbe1 = a;
-       const EVP_PBE_CTL *pbe2 = b;
         int ret = pbe1->pbe_type - pbe2->pbe_type;
         if (ret)
                 return ret;
@@ -200,6 +200,8 @@ static int pbe_cmp2(const void *a, const void *b)
                 return pbe1->pbe_nid - pbe2->pbe_nid;
         }
  
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
+
  static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
         {
         int ret = (*a)->pbe_type - (*b)->pbe_type;
@@ -269,11 +271,10 @@ int EVP_PBE_find(int type, int pbe_nid,
                 }
         if (pbetmp == NULL)
                 {
-               pbetmp = (EVP_PBE_CTL *) OBJ_bsearch((char *)&pbelu,
-                       (char *)builtin_pbe,
-                       sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
-                       sizeof(EVP_PBE_CTL),
-                       pbe_cmp2);
+               pbetmp = OBJ_bsearch(EVP_PBE_CTL, &pbelu,
+                                    EVP_PBE_CTL, builtin_pbe,
+                                    sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
+                                    pbe_cmp2);
                 }
         if (pbetmp == NULL)
                 return 0;
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c

index 765a6c07dbfd125da1dff55d42aca6df89ae96b3..3fd11cbb5a1ab2f2da97f760ccaa3786d8848d9e 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -84,15 +84,22 @@ static const EVP_PKEY_METHOD *standard_methods[] =
         &hmac_pkey_meth,
         };
  
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                          pmeth_cmp);
+
  static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
-                const EVP_PKEY_METHOD * const *b)
+                    const EVP_PKEY_METHOD * const *b)
         {
          return ((*a)->pkey_id - (*b)->pkey_id);
         }
  
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                            pmeth_cmp);
+
  const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
         {
-       EVP_PKEY_METHOD tmp, *t = &tmp, **ret;
+       EVP_PKEY_METHOD tmp, *t = &tmp;
+       const EVP_PKEY_METHOD **ret;
         tmp.pkey_id = type;
         if (app_pkey_methods)
                 {
@@ -101,11 +108,10 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
                 if (idx >= 0)
                         return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
                 }
-       ret = (EVP_PKEY_METHOD **) OBJ_bsearch((char *)&t,
-                       (char *)standard_methods,
-                       sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
-                       sizeof(EVP_PKEY_METHOD *),
-                       (int (*)(const void *, const void *))pmeth_cmp);
+       ret = OBJ_bsearch(EVP_PKEY_METHOD *, &t,
+                         const EVP_PKEY_METHOD *, standard_methods,
+                         sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
+                         pmeth_cmp);
         if (!ret || !*ret)
                 return NULL;
         return *ret;
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c

index db88f5f98018731140d4a9617e402bff35c3d3a6..acb6bcfb06fc1f0afcba51c061cc0482bd0b995c 100644 (file)
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -81,9 +81,10 @@ static const unsigned int ln_objs[1];
  static const unsigned int obj_objs[1];
  #endif
  
-static int sn_cmp(const void *a, const void *b);
-static int ln_cmp(const void *a, const void *b);
-static int obj_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp);
+
  #define ADDED_DATA     0
  #define ADDED_SNAME    1
  #define ADDED_LNAME    2
@@ -99,19 +100,15 @@ DECLARE_LHASH_OF(ADDED_OBJ);
  static int new_nid=NUM_NID;
  static LHASH_OF(ADDED_OBJ) *added=NULL;
  
-static int sn_cmp(const void *a, const void *b)
-       {
-       const ASN1_OBJECT * const *ap = a;
-       const unsigned int *bp = b;
-       return(strcmp((*ap)->sn,nid_objs[*bp].sn));
-       }
+static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
+       { return(strcmp((*a)->sn,nid_objs[*b].sn)); }
  
-static int ln_cmp(const void *a, const void *b)
-       { 
-       const ASN1_OBJECT * const *ap = a;
-       const unsigned int *bp = b;
-       return(strcmp((*ap)->ln,nid_objs[*bp].ln));
-       }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp)
+
+static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
+       { return(strcmp((*a)->ln,nid_objs[*b].ln)); }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp)
  
  static unsigned long added_obj_hash(const ADDED_OBJ *ca)
         {
@@ -385,6 +382,19 @@ const char *OBJ_nid2ln(int n)
                 }
         }
  
+static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
+       {
+       int j;
+       const ASN1_OBJECT *a= *ap;
+       const ASN1_OBJECT *b= &nid_objs[*bp];
+
+       j=(a->length - b->length);
+        if (j) return(j);
+       return(memcmp(a->data,b->data,a->length));
+       }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp)
+
  int OBJ_obj2nid(const ASN1_OBJECT *a)
         {
         const unsigned int *op;
@@ -402,8 +412,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
                 adp=lh_ADDED_OBJ_retrieve(added,&ad);
                 if (adp != NULL) return (adp->obj->nid);
                 }
-       op=(const unsigned int *)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
-               NUM_OBJ, sizeof(obj_objs[0]),obj_cmp);
+       op=OBJ_bsearch(const ASN1_OBJECT *, &a, const unsigned int, obj_objs,
+                      NUM_OBJ, obj_cmp);
         if (op == NULL)
                 return(NID_undef);
         return(nid_objs[*op].nid);
@@ -625,7 +635,8 @@ int OBJ_txt2nid(const char *s)
  
  int OBJ_ln2nid(const char *s)
         {
-       ASN1_OBJECT o,*oo= &o;
+       ASN1_OBJECT o;
+       const ASN1_OBJECT *oo= &o;
         ADDED_OBJ ad,*adp;
         const unsigned int *op;
  
@@ -637,15 +648,16 @@ int OBJ_ln2nid(const char *s)
                 adp=lh_ADDED_OBJ_retrieve(added,&ad);
                 if (adp != NULL) return (adp->obj->nid);
                 }
-       op=(const unsigned int*)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
-               sizeof(ln_objs[0]),ln_cmp);
+       op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, ln_objs,
+                                  NUM_LN, ln_cmp);
         if (op == NULL) return(NID_undef);
         return(nid_objs[*op].nid);
         }
  
  int OBJ_sn2nid(const char *s)
         {
-       ASN1_OBJECT o,*oo= &o;
+       ASN1_OBJECT o;
+       const ASN1_OBJECT *oo= &o;
         ADDED_OBJ ad,*adp;
         const unsigned int *op;
  
@@ -657,32 +669,22 @@ int OBJ_sn2nid(const char *s)
                 adp=lh_ADDED_OBJ_retrieve(added,&ad);
                 if (adp != NULL) return (adp->obj->nid);
                 }
-       op=(const unsigned int *)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
-               sizeof(sn_objs[0]),sn_cmp);
+       op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, sn_objs,
+                                  NUM_SN, sn_cmp);
         if (op == NULL) return(NID_undef);
         return(nid_objs[*op].nid);
         }
  
-static int obj_cmp(const void *ap, const void *bp)
-       {
-       int j;
-       const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
-       const ASN1_OBJECT *b= &nid_objs[*((const unsigned int *)bp)];
-
-       j=(a->length - b->length);
-        if (j) return(j);
-       return(memcmp(a->data,b->data,a->length));
-        }
-
-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
-       int (*cmp)(const void *, const void *))
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                        int (*cmp)(const void *, const void *))
         {
         return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
         }
  
-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+const void *OBJ_bsearch_ex(const void *key, const void *base_, int num,
         int size, int (*cmp)(const void *, const void *), int flags)
         {
+       const char *base=base_;
         int l,h,i=0,c=0;
         const char *p = NULL;
  
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c

index 4ebaa1cc6aa9b7676d3fce71c9a0eab8793e331d..3e85e7a576bcf4617cf17bd4b7036019cd0c3640 100644 (file)
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -64,28 +64,35 @@ STACK_OF(nid_triple) *sig_app, *sigx_app;
  
  static int cmp_sig(const nid_triple *a, const nid_triple *b)
         {
-       return **a - **b;
+       return a->sign_id - b->sign_id;
         }
  
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig)
+
  static int cmp_sig_sk(const nid_triple * const *a, const nid_triple * const *b)
         {
-       return ***a - ***b;
+       return (*a)->sign_id - (*b)->sign_id;
         }
  
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx);
+
  static int cmp_sigx(const nid_triple * const *a, const nid_triple * const *b)
         {
         int ret;
-       ret = (**a)[1] - (**b)[1];
+       ret = (*a)->hash_id - (*b)->hash_id;
         if (ret)
                 return ret;
-       return (**a)[2] - (**b)[2];
+       return (*a)->pkey_id - (*b)->pkey_id;
         }
  
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx)
  
  int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
         {
-       nid_triple tmp, *rv = NULL;
-       tmp[0] = signid;
+       nid_triple tmp;
+       const nid_triple *rv = NULL;
+       tmp.sign_id = signid;
  
         if (sig_app)
                 {
@@ -97,25 +104,27 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
  #ifndef OBJ_XREF_TEST2
         if (rv == NULL)
                 {
-               rv = (nid_triple *)OBJ_bsearch((char *)&tmp,
-                               (char *)sigoid_srt,
-                               sizeof(sigoid_srt) / sizeof(nid_triple),
-                               sizeof(nid_triple),
-                               (int (*)(const void *, const void *))cmp_sig);
+               rv = OBJ_bsearch(const nid_triple,&tmp,
+                                const nid_triple,sigoid_srt,
+                                sizeof(sigoid_srt) / sizeof(nid_triple),
+                                cmp_sig);
                 }
  #endif
         if (rv == NULL)
                 return 0;
-       *pdig_nid = (*rv)[1];
-       *ppkey_nid = (*rv)[2];
+       *pdig_nid = rv->hash_id;
+       *ppkey_nid = rv->pkey_id;
         return 1;
         }
  
  int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
         {
-       nid_triple tmp, *t=&tmp, **rv = NULL;
-       tmp[1] = dig_nid;
-       tmp[2] = pkey_nid;
+       nid_triple tmp;
+       const nid_triple const *t=&tmp;
+       const nid_triple **rv = NULL;
+
+       tmp.hash_id = dig_nid;
+       tmp.pkey_id = pkey_nid;
  
         if (sigx_app)
                 {
@@ -130,16 +139,15 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
  #ifndef OBJ_XREF_TEST2
         if (rv == NULL)
                 {
-               rv = (nid_triple **)OBJ_bsearch((char *)&t,
-                               (char *)sigoid_srt_xref,
-                               sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
-                               sizeof(nid_triple *),
-                               (int (*)(const void *, const void *))cmp_sigx);
+               rv = OBJ_bsearch(const nid_triple *,&t,
+                                const nid_triple *,sigoid_srt_xref,
+                                sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
+                                cmp_sigx);
                 }
  #endif
         if (rv == NULL)
                 return 0;
-       *psignid = (**rv)[0];
+       *psignid = (*rv)->sign_id;
         return 1;
         }
  
@@ -157,9 +165,9 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
         ntr = OPENSSL_malloc(sizeof(int) * 3);
         if (!ntr)
                 return 0;
-       (*ntr)[0] = signid;
-       (*ntr)[1] = dig_id;
-       (*ntr)[2] = pkey_id;
+       ntr->sign_id = signid;
+       ntr->hash_id = dig_id;
+       ntr->pkey_id = pkey_id;
  
         if (!sk_nid_triple_push(sig_app, ntr))
                 {
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h

deleted file mode 100644 (file)

index c139d3a..0000000
--- a/crypto/objects/obj_xref.h
+++ /dev/null
@@ -1,69 +0,0 @@
-
-typedef int nid_triple[3];
-
-static const nid_triple sigoid_srt[] =
-       {
-       {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
-       {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
-       {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
-       {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
-       {NID_dsaWithSHA, NID_sha, NID_dsa},
-       {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
-       {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
-       {NID_md5WithRSA, NID_md5, NID_rsa},
-       {NID_dsaWithSHA1, NID_sha1, NID_dsa},
-       {NID_sha1WithRSA, NID_sha1, NID_rsa},
-       {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
-       {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
-       {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
-       {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
-       {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
-       {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
-       {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
-       {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
-       {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
-       {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
-       {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
-       {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
-       {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
-       {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
-       };
-
-static const nid_triple * const sigoid_srt_xref[] =
-       {
-       &sigoid_srt[17],
-       &sigoid_srt[18],
-       &sigoid_srt[0],
-       &sigoid_srt[1],
-       &sigoid_srt[7],
-       &sigoid_srt[2],
-       &sigoid_srt[4],
-       &sigoid_srt[3],
-       &sigoid_srt[9],
-       &sigoid_srt[5],
-       &sigoid_srt[8],
-       &sigoid_srt[12],
-       &sigoid_srt[6],
-       &sigoid_srt[10],
-       &sigoid_srt[11],
-       &sigoid_srt[13],
-       &sigoid_srt[24],
-       &sigoid_srt[20],
-       &sigoid_srt[14],
-       &sigoid_srt[21],
-       &sigoid_srt[15],
-       &sigoid_srt[22],
-       &sigoid_srt[16],
-       &sigoid_srt[23],
-       &sigoid_srt[19],
-       &sigoid_srt[25],
-       &sigoid_srt[26],
-       &sigoid_srt[27],
-       &sigoid_srt[28],
-       };
-
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h

index 7d8cdc97c31c7a1071f21041f929655adc9440a3..7dc1bf5f008d76956a9662d1d81ed7c849566a68 100644 (file)
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -1011,10 +1011,68 @@ int             OBJ_txt2nid(const char *s);
  int            OBJ_ln2nid(const char *s);
  int            OBJ_sn2nid(const char *s);
  int            OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const char *   OBJ_bsearch(const char *key,const char *base,int num,int size,
-       int (*cmp)(const void *, const void *));
-const char *   OBJ_bsearch_ex(const char *key,const char *base,int num,
-       int size, int (*cmp)(const void *, const void *), int flags);
+const void *   OBJ_bsearch_(const void *key,const void *base,int num,int size,
+                            int (*cmp)(const void *, const void *));
+const void *   OBJ_bsearch_ex(const void *key,const void *base,int num,
+                              int size, int (*cmp)(const void *, const void *),
+                              int flags);
+
+#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp)  \
+  scope type1 *cmp##_type_1; \
+  scope type2 *cmp##_type_2;                                   \
+  scope int cmp##_BSEARCH_CMP_FN(const void *, const void *);          \
+  scope int cmp(const type1 const *, const type2 const *);
+
+#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)  \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+
+/*
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignement discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, delcare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp)        \
+  scope int cmp##_BSEARCH_CMP_FN(const void *a_, const void *b_)       \
+      { \
+      const type1 const *a = a_; \
+      const type2 const *b = b_; \
+      return cmp(a,b); \
+      }
+
+#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
+  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \
+  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+
+#define OBJ_bsearch(type1,key,type2,base,num,cmp)                             \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                        num,sizeof(type2),                             \
+                        (cmp##_type_1=CHECKED_PTR_OF(type1,cmp##_type_1), \
+                         cmp##_type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                         cmp##_BSEARCH_CMP_FN)))
  
  int            OBJ_new_nid(int num);
  int            OBJ_add_object(const ASN1_OBJECT *obj);
diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl

index 0dd360b5b0cda7e9bb1da8153284c228ff9efc61..4a42924c56a6b112795c5842c04914cedc84e748 100644 (file)
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -50,8 +50,14 @@ my @srt2 = sort
         
  
  print <<EOF;
+/* AUTOGENERATED BY $0, DO NOT EDIT */
  
-typedef int nid_triple[3];
+typedef struct
+       {
+       int sign_id;
+       int hash_id;
+       int pkey_id;
+       } nid_triple;
  
  static const nid_triple sigoid_srt[] =
         {
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c

index e9db6d62a74984ca0ac241af2b7f13e350d02392..9c37c4ded3b8f563294b854869004fd09a7d175e 100644 (file)
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -356,12 +356,17 @@ static const X509_VERIFY_PARAM default_table[] = {
  
  static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
  
-static int table_cmp(const void *pa, const void *pb)
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
+
         {
-       const X509_VERIFY_PARAM *a = pa, *b = pb;
         return strcmp(a->name, b->name);
         }
  
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
+                          table_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
+                            table_cmp);
+
  static int param_cmp(const X509_VERIFY_PARAM * const *a,
                         const X509_VERIFY_PARAM * const *b)
         {
@@ -397,6 +402,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
         {
         int idx;
         X509_VERIFY_PARAM pm;
+
         pm.name = (char *)name;
         if (param_table)
                 {
@@ -404,11 +410,10 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
                 if (idx != -1)
                         return sk_X509_VERIFY_PARAM_value(param_table, idx);
                 }
-       return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
-                               (char *)&default_table,
-                               sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
-                               sizeof(X509_VERIFY_PARAM),
-                               table_cmp);
+       return OBJ_bsearch(const X509_VERIFY_PARAM, &pm,
+                          const X509_VERIFY_PARAM, default_table,
+                          sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
+                          table_cmp);
         }
  
  void X509_VERIFY_PARAM_table_cleanup(void)
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h

index 59837a44be5cf23e0ae939c9d0e7b18b765f1da6..22a390ab461bcc81cc4c30bb325417f333369d46 100644 (file)
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -73,7 +73,7 @@ extern X509V3_EXT_METHOD v3_addr, v3_asid;
   * order of the ext_nid values.
   */
  
-static X509V3_EXT_METHOD *standard_exts[] = {
+static const X509V3_EXT_METHOD *standard_exts[] = {
  &v3_nscert,
  &v3_ns_ia5_list[0],
  &v3_ns_ia5_list[1],
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c

index 2c2d6c44421a8d83494bf3cdca3de41d3e1688ce..55b44848cd4d81f556ad63cc8cd5f284e75b0395 100644 (file)
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -392,8 +392,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
         
  }
  
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
  {
         GENERAL_NAME *gen;
         GENERAL_NAMES *gens = NULL;
@@ -414,15 +414,15 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
         return NULL;
  }
  
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                        CONF_VALUE *cnf)
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              CONF_VALUE *cnf)
         {
         return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
         }
  
  GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-                               X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                               int gen_type, char *value, int is_nc)
+                              const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              int gen_type, char *value, int is_nc)
         {
         char is_string = 0;
         GENERAL_NAME *gen = NULL;
@@ -518,8 +518,8 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
         }
  
  GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                               X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                CONF_VALUE *cnf, int is_nc)
+                                 const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
         {
         int type;
  
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c

index e654ae7e1e7a0eb8b25405ddf7c6d022b7efbdb0..df3b991fe575b40ec7448fd1b572eefdc24c0d81 100644 (file)
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -72,8 +72,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
  static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
  static char *conf_lhash_get_string(void *db, char *section, char *value);
  static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
-                                                int crit, void *ext_struc);
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
+                                 int crit, void *ext_struc);
  static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
  /* CONF *conf:  Config file    */
  /* char *name:  Name    */
@@ -115,7 +115,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
  static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                     int crit, char *value)
         {
-       X509V3_EXT_METHOD *method;
+       const X509V3_EXT_METHOD *method;
         X509_EXTENSION *ext;
         STACK_OF(CONF_VALUE) *nval;
         void *ext_struc;
@@ -172,7 +172,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
  
         }
  
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
                                   int crit, void *ext_struc)
         {
         unsigned char *ext_der;
@@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
  
  X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
         {
-       X509V3_EXT_METHOD *method;
+       const X509V3_EXT_METHOD *method;
         if (!(method = X509V3_EXT_get_nid(ext_nid))) {
                 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
                 return NULL;
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c

index 17a1fbf62c04c85aeb9edc0c38753fdb66c73a9d..c5e616caccb736b265581daa977a5302179be8c2 100644 (file)
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -63,10 +63,10 @@
  #include <openssl/asn1t.h>
  #include <openssl/x509v3.h>
  
-static void *v2i_crld(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-                                                               int indent);
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                    int indent);
  
  const X509V3_EXT_METHOD v3_crld =
         {
@@ -308,8 +308,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
         return NULL;
         }
  
-static void *v2i_crld(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
         {
         STACK_OF(DIST_POINT) *crld = NULL;
         GENERAL_NAMES *gens = NULL;
@@ -426,10 +426,10 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
  
  IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
  
-static int i2r_idp(X509V3_EXT_METHOD *method,
-            void *pidp, BIO *out, int indent);
-static void *v2i_idp(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                  int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                    STACK_OF(CONF_VALUE) *nval);
  
  const X509V3_EXT_METHOD v3_idp =
         {
@@ -443,8 +443,8 @@ const X509V3_EXT_METHOD v3_idp =
         NULL
         };
  
-static void *v2i_idp(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                    STACK_OF(CONF_VALUE) *nval)
         {
         ISSUING_DIST_POINT *idp = NULL;
         CONF_VALUE *cnf;
@@ -535,7 +535,8 @@ static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
         return 1;
         }
  
-static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                  int indent)
         {
         ISSUING_DIST_POINT *idp = pidp;
         if (idp->distpoint)
@@ -559,8 +560,8 @@ static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
         return 1;
         }
  
-static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-                                                               int indent)
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                    int indent)
         {
         STACK_OF(DIST_POINT) *crld = pcrldp;
         DIST_POINT *point;
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c

index a4efe0031e1fcc1506f62316a0ef849015e179e5..4e968b9e1d978703fb75d30ce58e7f4136ef8b2a 100644 (file)
--- a/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
@@ -63,9 +63,10 @@
  #include <openssl/conf.h>
  #include <openssl/x509v3.h>
  
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx,
+                                   STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                 void *eku, STACK_OF(CONF_VALUE) *extlist);
  
  const X509V3_EXT_METHOD v3_ext_ku = {
@@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
  
  IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
  
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-               void *a, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *
+  i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
+                        STACK_OF(CONF_VALUE) *ext_list)
  {
         EXTENDED_KEY_USAGE *eku = a;
         int i;
@@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
         return ext_list;
  }
  
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
  {
         EXTENDED_KEY_USAGE *extku;
         char *extval;
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c

index f3015ea610cbdff91ae1fd8772f952773a65c6ea..3ad5b29afcd030eaa991a0c249f704cca3568fce 100644 (file)
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -84,20 +84,26 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
  }
  
  static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-               const X509V3_EXT_METHOD * const *b)
+                  const X509V3_EXT_METHOD * const *b)
  {
         return ((*a)->ext_nid - (*b)->ext_nid);
  }
  
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *,
+                          ext_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                            const X509V3_EXT_METHOD *, ext_cmp);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
  {
-       X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+       X509V3_EXT_METHOD tmp;
+       const X509V3_EXT_METHOD *t = &tmp, * const *ret;
         int idx;
         if(nid < 0) return NULL;
         tmp.ext_nid = nid;
-       ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
-                       (char *)standard_exts, STANDARD_EXTENSION_COUNT,
-                       sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
+       ret = OBJ_bsearch(const X509V3_EXT_METHOD *, &t,
+                         const X509V3_EXT_METHOD *, standard_exts,
+                         STANDARD_EXTENSION_COUNT, ext_cmp);
         if(ret) return *ret;
         if(!ext_list) return NULL;
         idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
@@ -105,7 +111,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
         return sk_X509V3_EXT_METHOD_value(ext_list, idx);
  }
  
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
  {
         int nid;
         if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
@@ -122,7 +128,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
  
  int X509V3_EXT_add_alias(int nid_to, int nid_from)
  {
-       X509V3_EXT_METHOD *ext, *tmpext;
+       const X509V3_EXT_METHOD *ext;
+       X509V3_EXT_METHOD *tmpext;
+
         if(!(ext = X509V3_EXT_get_nid(nid_from))) {
                 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
                 return 0;
@@ -161,7 +169,7 @@ int X509V3_add_standard_extensions(void)
  
  void *X509V3_EXT_d2i(X509_EXTENSION *ext)
  {
-       X509V3_EXT_METHOD *method;
+       const X509V3_EXT_METHOD *method;
         const unsigned char *p;
  
         if(!(method = X509V3_EXT_get(ext))) return NULL;
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c

index 9a99cb2fa094455dabde146095c194f908a65c57..452437da48d712508313d322cf708e50eccc1d51 100644 (file)
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -63,13 +63,13 @@
  #include <openssl/conf.h>
  #include <openssl/x509v3.h>
  
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
                                 void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                               STACK_OF(GENERAL_SUBTREE) *trees,
-                                       BIO *bp, int ind, char *name);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                  STACK_OF(GENERAL_SUBTREE) *trees,
+                                  BIO *bp, int ind, char *name);
  static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
  
  static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
@@ -106,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
  IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
  IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
  
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
         {
         int i;
         CONF_VALUE tval, *val;
@@ -162,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
  
         
  
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               void *a, BIO *bp, int ind)
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                               BIO *bp, int ind)
         {
         NAME_CONSTRAINTS *ncons = a;
         do_i2r_name_constraints(method, ncons->permittedSubtrees,
@@ -173,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
         return 1;
         }
  
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                               STACK_OF(GENERAL_SUBTREE) *trees,
-                                       BIO *bp, int ind, char *name)
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                  STACK_OF(GENERAL_SUBTREE) *trees,
+                                  BIO *bp, int ind, char *name)
         {
         GENERAL_SUBTREE *tree;
         int i;
diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c

index 62aac06335317e1d0c90f5de9dcd502d5dd906df..ac1fee69876bd904123522493cfaf594ae8d74d6 100644 (file)
--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -68,19 +68,26 @@
  /* OCSP extensions and a couple of CRL entry extensions
   */
  
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
+                         BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+                           BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                     int indent);
  
  static void *ocsp_nonce_new(void);
  static int i2d_ocsp_nonce(void *a, unsigned char **pp);
  static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
  static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                         BIO *out, int indent);
  
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                           void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                             const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                              BIO *bp, int ind);
  
  const X509V3_EXT_METHOD v3_ocsp_crlid = {
         NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
@@ -148,7 +155,8 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
         NULL
  };
  
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                         int ind)
  {
         OCSP_CRLID *a = in;
         if (a->crlUrl)
@@ -174,7 +182,8 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
         return 0;
  }
  
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+                           BIO *bp, int ind)
  {
         if (!BIO_printf(bp, "%*s", ind, "")) return 0;
         if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
@@ -182,7 +191,8 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, in
  }
  
  
-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                     int ind)
  {
         if (!BIO_printf(bp, "%*s", ind, "")) return 0;
         if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
@@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a)
         M_ASN1_OCTET_STRING_free(a);
  }
  
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                         BIO *out, int indent)
  {
         if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
         if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
@@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
  
  /* Nocheck is just a single NULL. Don't print anything and always set it */
  
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+                           BIO *out, int indent)
  {
         return 1;
  }
  
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                             const char *str)
  {
         return ASN1_NULL_new();
  }
  
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                              BIO *bp, int ind)
          {
         int i;
         OCSP_SERVICELOC *a = in;
diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c

index 13248c2adaf455958bef69da4c914e2f611420b1..a14aa306ec79a1de564436f32ed07944fd1800b1 100644 (file)
--- a/crypto/x509v3/v3_pcons.c
+++ b/crypto/x509v3/v3_pcons.c
@@ -64,10 +64,12 @@
  #include <openssl/conf.h>
  #include <openssl/x509v3.h>
  
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               void *bcons, STACK_OF(CONF_VALUE) *extlist);
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
+                      STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx,
+                                   STACK_OF(CONF_VALUE) *values);
  
  const X509V3_EXT_METHOD v3_policy_constraints = {
  NID_policy_constraints, 0,
@@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
  IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
  
  
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-            void *a, STACK_OF(CONF_VALUE) *extlist)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                      STACK_OF(CONF_VALUE) *extlist)
  {
         POLICY_CONSTRAINTS *pcons = a;
         X509V3_add_value_int("Require Explicit Policy",
@@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
         return extlist;
  }
  
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-            X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx,
+                                   STACK_OF(CONF_VALUE) *values)
  {
         POLICY_CONSTRAINTS *pcons=NULL;
         CONF_VALUE *val;
diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c

index 626303264f715f69a94a90271d858c33342a692e..bac5a5071d909308829f19fabfdfbe9d7a0dd965 100644 (file)
--- a/crypto/x509v3/v3_pmaps.c
+++ b/crypto/x509v3/v3_pmaps.c
@@ -63,10 +63,11 @@
  #include <openssl/conf.h>
  #include <openssl/x509v3.h>
  
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                               void *pmps, STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps,
+                   STACK_OF(CONF_VALUE) *extlist);
  
  const X509V3_EXT_METHOD v3_policy_mappings = {
         NID_policy_mappings, 0,
@@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
  IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
  
  
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-               void *a, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a,
+                   STACK_OF(CONF_VALUE) *ext_list)
  {
         POLICY_MAPPINGS *pmaps = a;
         POLICY_MAPPING *pmap;
@@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
         return ext_list;
  }
  
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
  {
         POLICY_MAPPINGS *pmaps;
         POLICY_MAPPING *pmap;
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c

index 20bd9bda190a65688c8c649c3ce82bce24ec9026..feb57684f24f5b4e8fa55173c84c40f2a9dd825b 100644 (file)
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
         void *ext_str = NULL;
         char *value = NULL;
         const unsigned char *p;
-       X509V3_EXT_METHOD *method;      
+       const X509V3_EXT_METHOD *method;        
         STACK_OF(CONF_VALUE) *nval = NULL;
         int ok = 1;
  
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c

index 1ca370dc0b86caacf76af44c5c3e74a4eba4433b..a5d9805ce466bdad1c54c8cb280b3f41fabe22a2 100644 (file)
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -267,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
         return xp->trust;
  }
  
-static int nid_cmp(int *a, int *b)
+static int nid_cmp(const int *a, const int *b)
         {
         return *a - *b;
         }
  
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
+
  int X509_supported_extension(X509_EXTENSION *ex)
         {
         /* This table is a list of the NIDs of supported extensions:
@@ -282,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
          * searched using bsearch.
          */
  
-       static int supported_nids[] = {
+       static const int supported_nids[] = {
                 NID_netscape_cert_type, /* 71 */
                 NID_key_usage,          /* 83 */
                 NID_subject_alt_name,   /* 85 */
@@ -300,16 +303,13 @@ int X509_supported_extension(X509_EXTENSION *ex)
                 NID_inhibit_any_policy  /* 748 */
         };
  
-       int ex_nid;
-
-       ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+       const int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
  
         if (ex_nid == NID_undef) 
                 return 0;
  
-       if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
-               sizeof(supported_nids)/sizeof(int), sizeof(int),
-               (int (*)(const void *, const void *))nid_cmp))
+       if (OBJ_bsearch(int, &ex_nid, int, supported_nids,
+                       sizeof(supported_nids)/sizeof(int), nid_cmp))
                 return 1;
         return 0;
         }
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h

index 22b1b7fe39cade8027d3dbce593b805ae1e31488..460a04077c30cbdce7a57f60941d56d3f21c133d 100644 (file)
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void);
  typedef void (*X509V3_EXT_FREE)(void *);
  typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
  typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef STACK_OF(CONF_VALUE) *
+  (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
+                   STACK_OF(CONF_VALUE) *extlist);
+typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx,
+                                STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
+                             BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
  
  /* V3 extension structure */
  
@@ -533,8 +540,8 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
  
  STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                 GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
  
  DECLARE_ASN1_FUNCTIONS(OTHERNAME)
  DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
@@ -584,14 +591,15 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
  DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
  
  GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-                               X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                               int gen_type, char *value, int is_nc);
+                              const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              int gen_type, char *value, int is_nc);
  
  #ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                       CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                 const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
  void X509V3_conf_free(CONF_VALUE *val);
  
  X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
@@ -644,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
  int X509V3_EXT_add_alias(int nid_to, int nid_from);
  void X509V3_EXT_cleanup(void);
  
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
  int X509V3_add_standard_extensions(void);
  STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
  void *X509V3_EXT_d2i(X509_EXTENSION *ext);
diff --git a/engines/Makefile b/engines/Makefile

index fdf8774336c94aef9204fbc025eee7dbd64cde7b..1cdfb2625d74c440c8bfebe456204fdb1d0a25b3 100644 (file)
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -219,8 +219,7 @@ e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
  e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h
  e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
  e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-e_capi.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
  e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
  e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h
  e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c

index d9486916f206ffd4d23208a1fec1c2708b657075..bd28b75e84c47ce93274bf8cfafc47ba2c664922 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -175,9 +175,9 @@ void dtls1_clear(SSL *s)
   * to explicitly list their SSL_* codes. Currently RC4 is the only one
   * available, but if new ones emerge, they will have to be added...
   */
-SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
         {
-       SSL_CIPHER *ciph = ssl3_get_cipher(u);
+       const SSL_CIPHER *ciph = ssl3_get_cipher(u);
  
         if (ciph != NULL)
                 {
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c

index 88fb564a2b3d98594745657925e4ce981d8afb3b..e3fce5343043373bd19b5b6fe4a0cd9f7acc0f20 100644 (file)
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -74,7 +74,7 @@ int ssl23_num_ciphers(void)
             );
         }
  
-SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
         {
         unsigned int uu=ssl3_num_ciphers();
  
@@ -90,9 +90,10 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u)
  
  /* This function needs to check if the ciphers required are actually
   * available */
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
         {
-       SSL_CIPHER c,*cp;
+       SSL_CIPHER c;
+       const SSL_CIPHER *cp;
         unsigned long id;
         int n;
  
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c

index 25148d3397a99bdef7348f613b4e8a6cedd4459b..d93a2c797f5e6747c853f3dd5aa38e53fbde4714 100644 (file)
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -121,7 +121,7 @@ const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
  #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
  
  /* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
+OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
  #if 0
  /* NULL_WITH_MD5 v3 */
         {
@@ -303,7 +303,7 @@ int ssl2_num_ciphers(void)
         return(SSL2_NUM_CIPHERS);
         }
  
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
         {
         if (u < SSL2_NUM_CIPHERS)
                 return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
@@ -412,20 +412,22 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
         return(0);
         }
  
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
+                                   ssl_cipher_id_cmp);
+
  /* This function needs to check if the ciphers required are actually
   * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
         {
-       SSL_CIPHER c,*cp;
+       SSL_CIPHER c;
+       const SSL_CIPHER *cp;
         unsigned long id;
  
         id=0x02000000L|((unsigned long)p[0]<<16L)|
                 ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
         c.id=id;
-       cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
-               (char *)ssl2_ciphers,
-               SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
-               FP_ICC ssl_cipher_id_cmp);
+       cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers,
+                        SSL2_NUM_CIPHERS, ssl_cipher_id_cmp);
         if ((cp == NULL) || (cp->valid == 0))
                 return NULL;
         else
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c

index 2bffa78ff4ca35b5eb0b64b9e8c1fa8edf9b202e..f0e8ca593d408c9a8f5ba82e4bd2d8ed65229f39 100644 (file)
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -71,9 +71,9 @@ static const SSL_METHOD *ssl2_get_method(int ver)
         }
  
  IMPLEMENT_ssl2_meth_func(SSLv2_method,
-                       ssl2_accept,
-                       ssl2_connect,
-                       ssl2_get_method)
+                        ssl2_accept,
+                        ssl2_connect,
+                        ssl2_get_method)
  
  #else /* !OPENSSL_NO_SSL2 */
  
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c

index 6490d0bf1b5ed51c4916e5c977d3ac11cc313ab7..b43a046aa6cdca3bf3f9bb1e764d033efed41e05 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -366,7 +366,7 @@ static int get_client_master_key(SSL *s)
         int is_export,i,n,keya,ek;
         unsigned long len;
         unsigned char *p;
-       SSL_CIPHER *cp;
+       const SSL_CIPHER *cp;
         const EVP_CIPHER *c;
         const EVP_MD *md;
  
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index e339dbc431365277f1091ec5f4daf35fb7a502df..aae133429cba14997c7e5f57e7c827008d48d7b3 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -719,7 +719,7 @@ err:
  int ssl3_get_server_hello(SSL *s)
         {
         STACK_OF(SSL_CIPHER) *sk;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
         unsigned char *p,*d;
         int i,al,ok;
         unsigned int j;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index f09238f187425b4920b2468ff06ab14aa4b9a8c2..7e896997b22d9c8c7893723deaa1ddd792271d15 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2101,7 +2101,7 @@ int ssl3_num_ciphers(void)
         return(SSL3_NUM_CIPHERS);
         }
  
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
         {
         if (u < SSL3_NUM_CIPHERS)
                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -2786,17 +2786,16 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  
  /* This function needs to check if the ciphers required are actually
   * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
         {
-       SSL_CIPHER c,*cp;
+       SSL_CIPHER c;
+       const SSL_CIPHER *cp;
         unsigned long id;
  
         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
         c.id=id;
-       cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
-               (char *)ssl3_ciphers,
-               SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
-               FP_ICC ssl_cipher_id_cmp);
+       cp = OBJ_bsearch(SSL_CIPHER, &c, SSL_CIPHER, ssl3_ciphers,
+                        SSL3_NUM_CIPHERS, ssl_cipher_id_cmp);
         if (cp == NULL || cp->valid == 0)
                 return NULL;
         else
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c

index 6b39ce89f60e8a6ab916d30f04980793c828f43a..cdddb17b627d775dc65f6e5f77810d9f36ecf628 100644 (file)
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -70,8 +70,8 @@ static const SSL_METHOD *ssl3_get_method(int ver)
         }
  
  IMPLEMENT_ssl3_meth_func(SSLv3_method,
-                       ssl3_accept,
-                       ssl3_connect,
-                       ssl3_get_method)
+                        ssl3_accept,
+                        ssl3_connect,
+                        ssl3_get_method)
  
  
diff --git a/ssl/ssl.h b/ssl/ssl.h

index d3fdccdf89945a365c64240142cc8f5a99743a46..f23f24b73706a37af7c462749032754006d69db6 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -401,11 +401,11 @@ typedef struct ssl_method_st
         int (*ssl_dispatch_alert)(SSL *s);
         long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
         long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
-       SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+       const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
         int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
         int (*ssl_pending)(const SSL *s);
         int (*num_ciphers)(void);
-       SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+       const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
         const struct ssl_method_st *(*get_ssl_method)(int version);
         long (*get_timeout)(void);
         struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
@@ -483,7 +483,7 @@ typedef struct ssl_session_st
  
         int compress_meth;              /* Need to lookup the method */
  
-       SSL_CIPHER *cipher;
+       const SSL_CIPHER *cipher;
         unsigned long cipher_id;        /* when ASN.1 loaded, this
                                          * needs to be used to load
                                          * the 'cipher' structure */
@@ -1431,7 +1431,7 @@ int       SSL_clear(SSL *s);
  
  void   SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
  
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
  int    SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
  char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
  const char *   SSL_CIPHER_get_name(const SSL_CIPHER *c);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h

index 646a8e6cced3e0044181c8094e7730f2339f11c5..56f17f66d372df39a87a711e30184cf4beae7c4f 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -465,7 +465,7 @@ typedef struct ssl3_state_st
                 int message_type;
  
                 /* used to hold the new cipher we are going to use */
-               SSL_CIPHER *new_cipher;
+               const SSL_CIPHER *new_cipher;
  #ifndef OPENSSL_NO_DH
                 DH *dh;
  #endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index c31d6e0c782f7545364b11da4f8981a071d60240..e60a490a52cc41d0b300ec508c021783c099ab30 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -207,7 +207,7 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
  
  typedef struct cipher_order_st
         {
-       SSL_CIPHER *cipher;
+       const SSL_CIPHER *cipher;
         int active;
         int dead;
         struct cipher_order_st *next,*prev;
@@ -437,7 +437,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
              const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
         {
         int i;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
  
         c=s->cipher;
         if (c == NULL) return(0);
@@ -682,7 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                  CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
         {
         int i, co_list_num;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
  
         /*
          * We have num_of_ciphers descriptions compiled in, depending on the
@@ -745,7 +745,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                 }
         }
  
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
                          int num_of_group_aliases,
                          unsigned long disabled_mkey, unsigned long disabled_auth,
                          unsigned long disabled_enc, unsigned long disabled_mac,
@@ -753,7 +753,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
                         CIPHER_ORDER *head)
         {
         CIPHER_ORDER *ciph_curr;
-       SSL_CIPHER **ca_curr;
+       const SSL_CIPHER **ca_curr;
         int i;
         unsigned long mask_mkey = ~disabled_mkey;
         unsigned long mask_auth = ~disabled_auth;
@@ -823,7 +823,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
         {
         CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
-       SSL_CIPHER *cp;
+       const SSL_CIPHER *cp;
         int reverse = 0;
  
  #ifdef CIPHER_DEBUG
@@ -999,7 +999,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
  
  static int ssl_cipher_process_rulestr(const char *rule_str,
                  CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
-                SSL_CIPHER **ca_list)
+                const SSL_CIPHER **ca_list)
         {
         unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
         const char *l, *start, *buf;
@@ -1258,7 +1258,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
         const char *rule_p;
         CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-       SSL_CIPHER **ca_list = NULL;
+       const SSL_CIPHER **ca_list = NULL;
  
         /*
          * Return with error if nothing to do.
@@ -1345,8 +1345,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
          */
         num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
         num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-       ca_list =
-               (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+       ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
         if (ca_list == NULL)
                 {
                 OPENSSL_free(co_list);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 203bce661a97fe398761fdfceb97db0222da4f7d..803894c44f968b82e22e4dfd9592256db913c588 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1348,7 +1348,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
  STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                                STACK_OF(SSL_CIPHER) **skp)
         {
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
         STACK_OF(SSL_CIPHER) *sk;
         int i,n;
  
@@ -1751,7 +1751,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
         X509_VERIFY_PARAM_set_depth(ctx->param, depth);
         }
  
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
         {
         CERT_PKEY *cpk;
         int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
@@ -1963,7 +1963,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
  #define ku_reject(x, usage) \
         (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
  
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
         {
         unsigned long alg_k, alg_a;
         EVP_PKEY *pkey = NULL;
@@ -2109,7 +2109,7 @@ X509 *ssl_get_server_send_cert(SSL *s)
         return(c->pkeys[i].x509);
         }
  
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
         {
         unsigned long alg_a;
         CERT *c;
@@ -2547,7 +2547,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
                 return(NULL);
         }
  
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
         {
         if ((s->session != NULL) && (s->session->cipher != NULL))
                 return(s->session->cipher);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index a499a16ea5385e5d0b923868c2ae0c48d98838e8..ad69a71ff52a69a922ab66843222dc710fb823c6 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -577,7 +577,7 @@ typedef struct ssl3_buf_freelist_entry_st
  #endif
  
  extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
  OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
  
  
@@ -784,6 +784,8 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
  int ssl_get_new_session(SSL *s, int session);
  int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
  int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
+                                 ssl_cipher_id_cmp);
  int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
                         const SSL_CIPHER * const *bp);
  STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
@@ -803,9 +805,9 @@ int ssl_undefined_function(SSL *s);
  int ssl_undefined_void_function(void);
  int ssl_undefined_const_function(const SSL *s);
  X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
  int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
  STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
  int ssl_verify_alarm_type(long type);
  void ssl_load_ciphers(void);
@@ -814,7 +816,7 @@ int ssl2_enc_init(SSL *s, int client);
  int ssl2_generate_key_material(SSL *s);
  void ssl2_enc(SSL *s,int send_data);
  void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
  int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
  int ssl2_part_read(SSL *s, unsigned long f, int i);
  int ssl2_do_write(SSL *s);
@@ -822,7 +824,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
  void ssl2_return_error(SSL *s,int reason);
  void ssl2_write_error(SSL *s);
  int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
  int    ssl2_new(SSL *s);
  void   ssl2_free(SSL *s);
  int    ssl2_accept(SSL *s);
@@ -839,7 +841,7 @@ long        ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
  int    ssl2_pending(const SSL *s);
  long   ssl2_default_timeout(void );
  
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
  int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
  void ssl3_init_finished_mac(SSL *s);
  int ssl3_send_server_certificate(SSL *s);
@@ -858,7 +860,7 @@ int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
  long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
  int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
  int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
  int ssl3_renegotiate(SSL *ssl); 
  int ssl3_renegotiate_check(SSL *ssl); 
  int ssl3_dispatch_alert(SSL *s);
@@ -899,12 +901,12 @@ int ssl3_do_change_cipher_spec(SSL *ssl);
  long ssl3_default_timeout(void );
  
  int ssl23_num_ciphers(void );
-SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
  int ssl23_read(SSL *s, void *buf, int len);
  int ssl23_peek(SSL *s, void *buf, int len);
  int ssl23_write(SSL *s, const void *buf, int len);
  int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
  long ssl23_default_timeout(void );
  
  long tls1_default_timeout(void);
@@ -934,7 +936,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
  void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
  void dtls1_reset_seq_numbers(SSL *s, int rw);
  long dtls1_default_timeout(void);
-SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
  
  
  /* some client-only functions */
@@ -1020,7 +1022,7 @@ int ssl3_alert_code(int code);
  int ssl_ok(SSL *s);
  
  #ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
  #endif
  
  SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
diff --git a/ssl/ssltest.c b/ssl/ssltest.c

index b20ab0fb0500ac9be01d53b61142ac9dd6b2b75e..c76f6677b448c70948231f43d06f59f96ca3237f 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -317,7 +317,7 @@ static void sv_usage(void)
  
  static void print_details(SSL *c_ssl, const char *prefix)
         {
-       SSL_CIPHER *ciph;
+       const SSL_CIPHER *ciph;
         X509 *cert;
                 
         ciph=SSL_get_current_cipher(c_ssl);
@@ -2408,7 +2408,7 @@ static int do_test_cipherlist(void)
         {
         int i = 0;
         const SSL_METHOD *meth;
-       SSL_CIPHER *ci, *tci = NULL;
+       const SSL_CIPHER *ci, *tci = NULL;
  
  #ifndef OPENSSL_NO_SSL2
         fprintf(stderr, "testing SSLv2 cipher list order: ");
author	Ben Laurie <ben@openssl.org>
	Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)
committer	Ben Laurie <ben@openssl.org>
	Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)
CHANGES		patch \| blob \| history
Configure		patch \| blob \| history
apps/s_client.c		patch \| blob \| history
apps/s_server.c		patch \| blob \| history
crypto/asn1/a_strnid.c		patch \| blob \| history
crypto/asn1/ameth_lib.c		patch \| blob \| history
crypto/evp/evp_pbe.c		patch \| blob \| history
crypto/evp/pmeth_lib.c		patch \| blob \| history
crypto/objects/obj_dat.c		patch \| blob \| history
crypto/objects/obj_xref.c		patch \| blob \| history
crypto/objects/obj_xref.h	[deleted file]	patch \| blob \| history
crypto/objects/objects.h		patch \| blob \| history
crypto/objects/objxref.pl		patch \| blob \| history
crypto/x509/x509_vpm.c		patch \| blob \| history
crypto/x509v3/ext_dat.h		patch \| blob \| history
crypto/x509v3/v3_alt.c		patch \| blob \| history
crypto/x509v3/v3_conf.c		patch \| blob \| history
crypto/x509v3/v3_crld.c		patch \| blob \| history
crypto/x509v3/v3_extku.c		patch \| blob \| history
crypto/x509v3/v3_lib.c		patch \| blob \| history
crypto/x509v3/v3_ncons.c		patch \| blob \| history
crypto/x509v3/v3_ocsp.c		patch \| blob \| history
crypto/x509v3/v3_pcons.c		patch \| blob \| history
crypto/x509v3/v3_pmaps.c		patch \| blob \| history
crypto/x509v3/v3_prn.c		patch \| blob \| history
crypto/x509v3/v3_purp.c		patch \| blob \| history
crypto/x509v3/x509v3.h		patch \| blob \| history
engines/Makefile		patch \| blob \| history
ssl/d1_lib.c		patch \| blob \| history
ssl/s23_lib.c		patch \| blob \| history
ssl/s2_lib.c		patch \| blob \| history
ssl/s2_meth.c		patch \| blob \| history
ssl/s2_srvr.c		patch \| blob \| history
ssl/s3_clnt.c		patch \| blob \| history
ssl/s3_lib.c		patch \| blob \| history
ssl/s3_meth.c		patch \| blob \| history
ssl/ssl.h		patch \| blob \| history
ssl/ssl3.h		patch \| blob \| history
ssl/ssl_ciph.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
ssl/ssltest.c		patch \| blob \| history