From ccd86b68ef7f9a5cfaaed4089bce29fdc5fe4219 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 1 Jun 2000 02:36:58 +0000 Subject: [PATCH] The previous commit to crypto/stack/*.[ch] pulled the type-safety strings yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however; X509_cmp() should by rights compare "const X509 *" pointers, and it is now declared as such. However, it's internal workings can involve recalculating hash values and extensions if they have not already been setup. Someone with a more intricate understanding of the flow control of X509 might be able to tighten this up, but for now - this seemed the obvious place to stop the "depth-first" constification of the code by using an evil cast (they have migrated all the way here from safestack.h). Fortunately, this is the only place in the code where this was required to complete these type-safety changes, and it's reasonably clear and commented, and seemed the least unacceptable of the options. Trying to take the constification further ends up exploding out considerably, and indeed leads directly into generalised ASN functions which are not likely to cooperate well with this. --- CHANGES | 9 +++++++ crypto/asn1/a_strnid.c | 6 +++-- crypto/asn1/x_crl.c | 15 +++++++---- crypto/pkcs7/pk7_mime.c | 12 ++++++--- crypto/x509/x509.h | 25 ++++++++++--------- crypto/x509/x509_cmp.c | 24 +++++++++++------- crypto/x509/x509_trs.c | 6 +++-- crypto/x509/x_all.c | 8 +++--- crypto/x509v3/v3_lib.c | 6 +++-- crypto/x509v3/v3_purp.c | 55 ++++++++++++++++++++++------------------- crypto/x509v3/x509v3.h | 5 ++-- ssl/s3_clnt.c | 4 +-- ssl/ssl_cert.c | 4 +-- ssl/ssl_ciph.c | 3 ++- ssl/ssl_lib.c | 5 ++-- ssl/ssl_locl.h | 5 ++-- 16 files changed, 117 insertions(+), 75 deletions(-) diff --git a/CHANGES b/CHANGES index 5e9d4dd7dd..4eb839823b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) The STACK code has been cleaned up, and certain type declarations + that didn't make a lot of sense have been brought in line. This has + also involved a cleanup of sorts in safestack.h to more correctly + map type-safe stack functions onto their plain stack counterparts. + This work has also resulted in a variety of "const"ifications of + lots of the code, especially "_cmp" operations which should normally + be prototyped with "const" parameters anyway. + [Geoff Thorpe] + *) When generating bytes for the first time in md_rand.c, 'stir the pool' by seeding with STATE_SIZE dummy bytes (with zero entropy count). (The PRNG state consists of two parts, the large pool 'state' and 'md', diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index ab8417ffab..1ef1478304 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -65,7 +65,8 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); -static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b); +static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, + const ASN1_STRING_TABLE * const *b); static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b); @@ -173,7 +174,8 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} }; -static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) +static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, + const ASN1_STRING_TABLE * const *b) { return (*a)->nid - (*b)->nid; } diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 12a42d04c7..39fe8916fa 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -61,8 +61,10 @@ #include #include -static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b); -static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b); +static int X509_REVOKED_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b); +static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b); int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp) { M_ASN1_I2D_vars(a); @@ -100,7 +102,8 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) { int v1=0; long l=0; - int (*old_cmp)(X509_REVOKED **,X509_REVOKED **); + int (*old_cmp)(const X509_REVOKED * const *, + const X509_REVOKED * const *); M_ASN1_I2D_vars(a); old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); @@ -325,14 +328,16 @@ void X509_CRL_free(X509_CRL *a) Free(a); } -static int X509_REVOKED_cmp(X509_REVOKED **a, X509_REVOKED **b) +static int X509_REVOKED_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b) { return(ASN1_STRING_cmp( (ASN1_STRING *)(*a)->serialNumber, (ASN1_STRING *)(*b)->serialNumber)); } -static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b) +static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b) { return((*a)->sequence-(*b)->sequence); } diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 5abd0ec8fa..36d47ef11c 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -94,8 +94,10 @@ static char * strip_end(char *name); static MIME_HEADER *mime_hdr_new(char *name, char *value); static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); -static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b); -static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b); +static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b); +static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b); static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, char *bound, int blen); static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); @@ -614,12 +616,14 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) return 1; } -static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b) +static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b) { return(strcmp((*a)->name, (*b)->name)); } -static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b) +static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b) { return(strcmp((*a)->param_name, (*b)->param_name)); } diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index a0aaad8366..a5cb555589 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -659,11 +659,14 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); -int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_CRL_digest(X509_CRL *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_REQ_digest(X509_REQ *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_NAME_digest(X509_NAME *data,const EVP_MD *type, - unsigned char *md,unsigned int *len); +int X509_digest(const X509 *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); #endif #ifndef NO_FP_API @@ -963,20 +966,20 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); -int X509_issuer_and_serial_cmp(X509 *a, X509 *b); +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); -int X509_issuer_name_cmp(X509 *a, X509 *b); +int X509_issuer_name_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_name_hash(X509 *a); -int X509_subject_name_cmp(X509 *a,X509 *b); +int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); -int X509_cmp (X509 *a, X509 *b); -int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); -int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); #ifndef NO_FP_API int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index a8a5ca8b03..0452b025b9 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -63,7 +63,7 @@ #include #include -int X509_issuer_and_serial_cmp(X509 *a, X509 *b) +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { int i; X509_CINF *ai,*bi; @@ -97,17 +97,17 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) } #endif -int X509_issuer_name_cmp(X509 *a, X509 *b) +int X509_issuer_name_cmp(const X509 *a, const X509 *b) { return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); } -int X509_subject_name_cmp(X509 *a, X509 *b) +int X509_subject_name_cmp(const X509 *a, const X509 *b) { return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); } -int X509_CRL_cmp(X509_CRL *a, X509_CRL *b) +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) { return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); } @@ -139,19 +139,25 @@ unsigned long X509_subject_name_hash(X509 *x) #ifndef NO_SHA /* Compare two certificates: they must be identical for - * this to work. + * this to work. NB: Although "cmp" operations are generally + * prototyped to take "const" arguments (eg. for use in + * STACKs), the way X509 handling is - these operations may + * involve ensuring the hashes are up-to-date and ensuring + * certain cert information is cached. So this is the point + * where the "depth-first" constification tree has to halt + * with an evil cast. */ -int X509_cmp(X509 *a, X509 *b) +int X509_cmp(const X509 *a, const X509 *b) { /* ensure hash is valid */ - X509_check_purpose(a, -1, 0); - X509_check_purpose(b, -1, 0); + X509_check_purpose((X509 *)a, -1, 0); + X509_check_purpose((X509 *)b, -1, 0); return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); } #endif -int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { int i,j; X509_NAME_ENTRY *na,*nb; diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index c779aaf94d..8637e56d9c 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -61,7 +61,8 @@ #include -static int tr_cmp(X509_TRUST **a, X509_TRUST **b); +static int tr_cmp(const X509_TRUST * const *a, + const X509_TRUST * const *b); static void trtable_free(X509_TRUST *p); static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); @@ -88,7 +89,8 @@ IMPLEMENT_STACK_OF(X509_TRUST) static STACK_OF(X509_TRUST) *trtable = NULL; -static int tr_cmp(X509_TRUST **a, X509_TRUST **b) +static int tr_cmp(const X509_TRUST * const *a, + const X509_TRUST * const *b) { return (*a)->trust - (*b)->trust; } diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index b67ca243dc..dd5796e205 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -411,25 +411,25 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne) (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne)); } -int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md, +int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); } -int X509_CRL_digest(X509_CRL *data, const EVP_MD *type, unsigned char *md, +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len)); } -int X509_REQ_digest(X509_REQ *data, const EVP_MD *type, unsigned char *md, +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len)); } -int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md, +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index dcdf7d607d..aa04fb24aa 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -66,7 +66,8 @@ static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; -static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); +static int ext_cmp(const X509V3_EXT_METHOD * const *a, + const X509V3_EXT_METHOD * const *b); static void ext_list_free(X509V3_EXT_METHOD *ext); int X509V3_EXT_add(X509V3_EXT_METHOD *ext) @@ -82,7 +83,8 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext) return 1; } -static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b) +static int ext_cmp(const X509V3_EXT_METHOD * const *a, + const X509V3_EXT_METHOD * const *b) { return ((*a)->ext_nid - (*b)->ext_nid); } diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 7b4055f1fa..488b97f025 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -63,18 +63,19 @@ static void x509v3_cache_extensions(X509 *x); -static int ca_check(X509 *x); -static int check_ssl_ca(X509 *x); -static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); -static int purpose_smime(X509 *x, int ca); -static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca); -static int no_check(X509_PURPOSE *xp, X509 *x, int ca); - -static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b); +static int ca_check(const X509 *x); +static int check_ssl_ca(const X509 *x); +static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); +static int purpose_smime(const X509 *x, int ca); +static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); +static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); + +static int xp_cmp(const X509_PURPOSE * const *a, + const X509_PURPOSE * const *b); static void xptable_free(X509_PURPOSE *p); static X509_PURPOSE xstandard[] = { @@ -93,15 +94,19 @@ IMPLEMENT_STACK_OF(X509_PURPOSE) static STACK_OF(X509_PURPOSE) *xptable = NULL; -static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b) +static int xp_cmp(const X509_PURPOSE * const *a, + const X509_PURPOSE * const *b) { return (*a)->purpose - (*b)->purpose; } +/* As much as I'd like to make X509_check_purpose use a "const" X509* + * I really can't because it does recalculate hashes and do other non-const + * things. */ int X509_check_purpose(X509 *x, int id, int ca) { int idx; - X509_PURPOSE *pt; + const X509_PURPOSE *pt; if(!(x->ex_flags & EXFLAG_SET)) { CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); @@ -153,7 +158,7 @@ int X509_PURPOSE_get_by_id(int purpose) } int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(X509_PURPOSE *, X509 *, int), + int (*ck)(const X509_PURPOSE *, const X509 *, int), char *name, char *sname, void *arg) { int idx; @@ -343,7 +348,7 @@ static void x509v3_cache_extensions(X509 *x) #define ns_reject(x, usage) \ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) -static int ca_check(X509 *x) +static int ca_check(const X509 *x) { /* keyUsage if present should allow cert signing */ if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; @@ -358,7 +363,7 @@ static int ca_check(X509 *x) } /* Check SSL CA: common checks for SSL client and server */ -static int check_ssl_ca(X509 *x) +static int check_ssl_ca(const X509 *x) { int ca_ret; ca_ret = ca_check(x); @@ -373,7 +378,7 @@ static int check_ssl_ca(X509 *x) } -static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) { if(xku_reject(x,XKU_SSL_CLIENT)) return 0; if(ca) return check_ssl_ca(x); @@ -384,7 +389,7 @@ static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) return 1; } -static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) { if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; if(ca) return check_ssl_ca(x); @@ -397,7 +402,7 @@ static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) } -static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; ret = check_purpose_ssl_server(xp, x, ca); @@ -408,7 +413,7 @@ static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) } /* common S/MIME checks */ -static int purpose_smime(X509 *x, int ca) +static int purpose_smime(const X509 *x, int ca) { if(xku_reject(x,XKU_SMIME)) return 0; if(ca) { @@ -432,7 +437,7 @@ static int purpose_smime(X509 *x, int ca) return 1; } -static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; ret = purpose_smime(x, ca); @@ -441,7 +446,7 @@ static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) return ret; } -static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; ret = purpose_smime(x, ca); @@ -450,7 +455,7 @@ static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) return ret; } -static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { if(ca) { int ca_ret; @@ -461,7 +466,7 @@ static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) return 1; } -static int no_check(X509_PURPOSE *xp, X509 *x, int ca) +static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) { return 1; } diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index f2225d3980..c04fc42da1 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -334,7 +334,8 @@ typedef struct x509_purpose_st { int purpose; int trust; /* Default trust ID */ int flags; - int (*check_purpose)(struct x509_purpose_st *, X509 *, int); + int (*check_purpose)(const struct x509_purpose_st *, + const X509 *, int); char *name; char *sname; void *usr_data; @@ -536,7 +537,7 @@ X509_PURPOSE * X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(X509_PURPOSE *, X509 *, int), + int (*ck)(const X509_PURPOSE *, const X509 *, int), char *name, char *sname, void *arg); char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6a09d6aa8a..1977707947 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -69,7 +69,7 @@ static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); static int ssl3_get_server_hello(SSL *s); static int ssl3_get_certificate_request(SSL *s); -static int ca_dn_cmp(X509_NAME **a,X509_NAME **b); +static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); static int ssl3_get_server_done(SSL *s); static int ssl3_send_client_verify(SSL *s); static int ssl3_send_client_certificate(SSL *s); @@ -1275,7 +1275,7 @@ err: return(ret); } -static int ca_dn_cmp(X509_NAME **a, X509_NAME **b) +static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index e134e6f3e0..fc8b8a7a53 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -568,7 +568,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) return(add_client_CA(&(ctx->client_CA),x)); } -static int xname_cmp(X509_NAME **a,X509_NAME **b) +static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); } @@ -649,7 +649,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, X509 *x=NULL; X509_NAME *xn=NULL; int ret=1; - int (*oldcmp)(X509_NAME **a, X509_NAME **b); + int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a5b2b97056..817b6b31f4 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1037,7 +1037,8 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) return(NULL); } -static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b) +static int sk_comp_cmp(const SSL_COMP * const *a, + const SSL_COMP * const *b) { return((*a)->id-(*b)->id); } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c515c41b4e..f4eb35b15e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -874,7 +874,7 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) } } -int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b) +int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { long l; @@ -885,7 +885,8 @@ int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b) return((l > 0)?1:-1); } -int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp) +int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, + const SSL_CIPHER * const *bp) { long l; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9a52bab254..d70fff4627 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -423,8 +423,9 @@ void ssl_sess_cert_free(SESS_CERT *sc); int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session,int len); -int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b); -int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp); +int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); +int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, + const SSL_CIPHER * const *bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp); int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p); -- 2.25.1