From 4a640fb6c395302d7aad22833d573c44211b0a2d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 23 Dec 2015 00:47:28 +0000 Subject: [PATCH] Fix declarations and constification for inline stack. Reviewed-by: Richard Levitte --- apps/ciphers.c | 4 ++-- crypto/asn1/ameth_lib.c | 2 +- crypto/cms/cms_env.c | 2 -- crypto/cms/cms_lcl.h | 2 ++ crypto/cms/cms_lib.c | 3 --- crypto/evp/evp_pbe.c | 6 +++--- crypto/evp/pmeth_lib.c | 2 +- crypto/x509v3/pcy_int.h | 2 +- crypto/x509v3/pcy_node.c | 2 +- crypto/x509v3/pcy_tree.c | 2 +- include/openssl/cms.h | 4 +++- include/openssl/ssl.h | 4 ++-- include/openssl/x509v3.h | 4 ++-- ssl/s3_lib.c | 6 +++--- ssl/ssl_lib.c | 4 ++-- ssl/ssl_locl.h | 5 +++-- ssl/ssl_sess.c | 2 +- ssl/statem/statem_clnt.c | 4 ++-- ssl/statem/statem_srvr.c | 6 +++--- ssl/t1_lib.c | 2 +- test/ssltest.c | 2 +- 21 files changed, 35 insertions(+), 35 deletions(-) diff --git a/apps/ciphers.c b/apps/ciphers.c index d5a7631ac1..086ad43657 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -200,7 +200,7 @@ int ciphers_main(int argc, char **argv) if (!verbose) { for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); + const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); p = SSL_CIPHER_get_name(c); if (p == NULL) break; @@ -212,7 +212,7 @@ int ciphers_main(int argc, char **argv) } else { for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - SSL_CIPHER *c; + const SSL_CIPHER *c; c = sk_SSL_CIPHER_value(sk, i); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 85115bc5b7..cca4a79141 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -92,7 +92,7 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { }; typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); -DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD) +DECLARE_CONST_STACK_OF(EVP_PKEY_ASN1_METHOD) static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; #ifdef TEST diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index a9a9d84e60..0b765486b9 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -65,8 +65,6 @@ /* CMS EnvelopedData Utilities */ -DECLARE_STACK_OF(CMS_RecipientInfo) - CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 3d41d4f634..abc2a2741c 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -109,6 +109,8 @@ struct CMS_ContentInfo_st { } d; }; +DECLARE_STACK_OF(CMS_CertificateChoices) + struct CMS_SignedData_st { long version; STACK_OF(X509_ALGOR) *digestAlgorithms; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index fdc69f6f8f..f6de4efd3a 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -64,9 +64,6 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) -DECLARE_STACK_OF(CMS_CertificateChoices) -DECLARE_STACK_OF(CMS_RevocationInfoChoice) - const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms) { return cms->contentType; diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 563634ec53..dc908f804e 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -66,9 +66,6 @@ /* Password based encryption (PBE) functions */ -DECLARE_STACK_OF(EVP_PBE_CTL) -static STACK_OF(EVP_PBE_CTL) *pbe_algs; - /* Setup a cipher context from a PBE algorithm */ typedef struct { @@ -79,6 +76,9 @@ typedef struct { EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; +DECLARE_STACK_OF(EVP_PBE_CTL) +static STACK_OF(EVP_PBE_CTL) *pbe_algs; + static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen}, diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index a80fc33ccb..e880cfa37d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -69,7 +69,7 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); -DECLARE_STACK_OF(EVP_PKEY_METHOD) +DECLARE_CONST_STACK_OF(EVP_PKEY_METHOD) static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; static const EVP_PKEY_METHOD *standard_methods[] = { diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_int.h index b5075f9edb..cbc94c0419 100644 --- a/crypto/x509v3/pcy_int.h +++ b/crypto/x509v3/pcy_int.h @@ -207,7 +207,7 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, const ASN1_OBJECT *id); X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - const X509_POLICY_DATA *data, + X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree); void policy_node_free(X509_POLICY_NODE *node); diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index 81b4c78bc2..a71f9b8eef 100644 --- a/crypto/x509v3/pcy_node.c +++ b/crypto/x509v3/pcy_node.c @@ -109,7 +109,7 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, } X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - const X509_POLICY_DATA *data, + X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree) { diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 04d7bfc42a..a460333229 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -292,7 +292,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, } static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - const X509_POLICY_DATA *data) + X509_POLICY_DATA *data) { X509_POLICY_LEVEL *last = curr - 1; X509_POLICY_NODE *node; diff --git a/include/openssl/cms.h b/include/openssl/cms.h index c424b761d3..9cbfaf58ce 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -56,6 +56,7 @@ # define HEADER_CMS_H # include +# include # ifdef OPENSSL_NO_CMS # error CMS is disabled. @@ -76,8 +77,9 @@ typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; DECLARE_STACK_OF(CMS_SignerInfo) -DECLARE_STACK_OF(GENERAL_NAMES) DECLARE_STACK_OF(CMS_RecipientEncryptedKey) +DECLARE_STACK_OF(CMS_RecipientInfo) +DECLARE_STACK_OF(CMS_RevocationInfoChoice) DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e6342946dd..b2e9209752 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -325,7 +325,7 @@ typedef struct ssl_session_st SSL_SESSION; typedef struct tls_sigalgs_st TLS_SIGALGS; typedef struct ssl_conf_ctx_st SSL_CONF_CTX; -DECLARE_STACK_OF(SSL_CIPHER) +DECLARE_CONST_STACK_OF(SSL_CIPHER) DECLARE_STACK_OF(danetls_record) @@ -343,7 +343,7 @@ typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, - SSL_CIPHER **cipher, void *arg); + const SSL_CIPHER **cipher, void *arg); /* Typedefs for handling custom extensions */ diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 7932acb9c8..76d3c1f57e 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -206,8 +206,6 @@ typedef struct GENERAL_NAME_st { } d; } GENERAL_NAME; -typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; - typedef struct ACCESS_DESCRIPTION_st { ASN1_OBJECT *method; GENERAL_NAME *location; @@ -220,6 +218,8 @@ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; DECLARE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DECLARE_STACK_OF(GENERAL_NAMES) DECLARE_STACK_OF(ACCESS_DESCRIPTION) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d307ec05d6..de8dae22f0 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4105,10 +4105,10 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return (2); } -SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) { - SSL_CIPHER *c, *ret = NULL; + const SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; int i, ii, ok; unsigned long alg_k, alg_a, mask_k, mask_a; @@ -4201,7 +4201,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (ii >= 0) { /* Check security callback permits this cipher */ if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, - c->strength_bits, 0, c)) + c->strength_bits, 0, (void *)c)) continue; #if !defined(OPENSSL_NO_EC) if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f0f1264cdf..edb368df67 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1883,7 +1883,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) /** The old interface to get the same thing as SSL_get_ciphers() */ const char *SSL_get_cipher_list(const SSL *s, int n) { - SSL_CIPHER *c; + const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; if (s == NULL) @@ -1941,7 +1941,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) { char *p; STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; + const SSL_CIPHER *c; int i; if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index fee7fa6f15..6734c4df83 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1910,8 +1910,9 @@ __owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); -__owur SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr); +__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, + STACK_OF(SSL_CIPHER) *clnt, + STACK_OF(SSL_CIPHER) *srvr); __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index baf846deb7..80895b6abd 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -989,7 +989,7 @@ int SSL_set_session_secret_cb(SSL *s, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, - SSL_CIPHER + const SSL_CIPHER **cipher, void *arg), void *arg) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index cfbfa5f8c3..5925923133 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1090,7 +1090,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) */ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb && s->session->tlsext_tick) { - SSL_CIPHER *pref_cipher = NULL; + const SSL_CIPHER *pref_cipher = NULL; s->session->master_key_length = sizeof(s->session->master_key); if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, @@ -2865,7 +2865,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) { int i, j = 0; - SSL_CIPHER *c; + const SSL_CIPHER *c; unsigned char *q; int empty_reneg_info_scsv = !s->renegotiate; /* Set disabled masks for this session */ diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 604b36565b..de20bcf9e8 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -965,7 +965,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) int i, al = SSL_AD_INTERNAL_ERROR; unsigned int j, complen = 0; unsigned long id; - SSL_CIPHER *c; + const SSL_CIPHER *c; #ifndef OPENSSL_NO_COMP SSL_COMP *comp = NULL; #endif @@ -1295,7 +1295,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) { - SSL_CIPHER *pref_cipher = NULL; + const SSL_CIPHER *pref_cipher = NULL; s->session->master_key_length = sizeof(s->session->master_key); if (s->tls_session_secret_cb(s, s->session->master_key, @@ -1446,7 +1446,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) { int al = SSL_AD_HANDSHAKE_FAILURE; - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; if (wst == WORK_MORE_A) { if (!s->hit) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 980f2f5d0b..908f8e909c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1127,7 +1127,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) { - SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); + const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; diff --git a/test/ssltest.c b/test/ssltest.c index 58e0f82030..44d001965e 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1049,7 +1049,7 @@ int main(int argc, char *argv[]) SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL; STACK_OF(OPENSSL_STRING) *conf_args = NULL; - const char *arg = NULL, *argn = NULL; + char *arg = NULL, *argn = NULL; verbose = 0; debug = 0; -- 2.25.1