Here's a few X509_* functions with added const. This was part of a bulk
by sthen with no fallout. One minor difference: the diff I sent to
Stuart contained a mistake in X509_signature_print().
Most of these are straightforward. X509_ALGOR_get0() required a bit of
churn in *{pub,priv}_decode* functions. Among those, gost stands out
with an ugly cast, but I'd rather not touch these more than necessary.
Index: asn1/t_x509.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/asn1/t_x509.c,v
retrieving revision 1.29
diff -u -p -r1.29 t_x509.c
--- asn1/t_x509.c 25 Apr 2018 19:58:53 -0000 1.29
+++ asn1/t_x509.c 1 May 2018 16:18:46 -0000
@@ -321,7 +321,7 @@ X509_signature_dump(BIO *bp, const ASN1_
}
int
-X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig)
{
int sig_nid;
if (BIO_puts(bp, " Signature Algorithm: ") <= 0)
Index: asn1/x_algor.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/asn1/x_algor.c,v
retrieving revision 1.21
diff -u -p -r1.21 x_algor.c
--- asn1/x_algor.c 24 Jul 2015 15:09:52 -0000 1.21
+++ asn1/x_algor.c 1 May 2018 16:18:46 -0000
@@ -176,8 +176,8 @@ X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OB
}
void
-X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
- X509_ALGOR *algor)
+X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval,
+ const X509_ALGOR *algor)
{
if (paobj)
*paobj = algor->algorithm;
Index: asn1/x_x509a.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/asn1/x_x509a.c,v
retrieving revision 1.14
diff -u -p -r1.14 x_x509a.c
--- asn1/x_x509a.c 14 Feb 2015 15:28:39 -0000 1.14
+++ asn1/x_x509a.c 1 May 2018 16:18:46 -0000
@@ -154,7 +154,7 @@ aux_get(X509 *x)
}
int
-X509_alias_set1(X509 *x, unsigned char *name, int len)
+X509_alias_set1(X509 *x, const unsigned char *name, int len)
{
X509_CERT_AUX *aux;
if (!name) {
@@ -172,7 +172,7 @@ X509_alias_set1(X509 *x, unsigned char *
}
int
-X509_keyid_set1(X509 *x, unsigned char *id, int len)
+X509_keyid_set1(X509 *x, const unsigned char *id, int len)
{
X509_CERT_AUX *aux;
if (!id) {
@@ -210,7 +210,7 @@ X509_keyid_get0(X509 *x, int *len)
}
int
-X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
{
X509_CERT_AUX *aux;
ASN1_OBJECT *objtmp;
@@ -232,7 +232,7 @@ err:
}
int
-X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
{
X509_CERT_AUX *aux;
ASN1_OBJECT *objtmp;
Index: dh/dh_ameth.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/dh/dh_ameth.c,v
retrieving revision 1.14
diff -u -p -r1.14 dh_ameth.c
--- dh/dh_ameth.c 29 Jan 2017 17:49:22 -0000 1.14
+++ dh/dh_ameth.c 1 May 2018 16:18:46 -0000
@@ -78,8 +78,8 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKE
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
- void *pval;
- ASN1_STRING *pstr;
+ const void *pval;
+ const ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *public_key = NULL;
DH *dh = NULL;
@@ -185,8 +185,8 @@ dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRI
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
- void *pval;
- ASN1_STRING *pstr;
+ const void *pval;
+ const ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
DH *dh = NULL;
Index: dsa/dsa_ameth.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/dsa/dsa_ameth.c,v
retrieving revision 1.23
diff -u -p -r1.23 dsa_ameth.c
--- dsa/dsa_ameth.c 29 Jan 2017 17:49:22 -0000 1.23
+++ dsa/dsa_ameth.c 1 May 2018 16:18:46 -0000
@@ -75,8 +75,8 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBK
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
- void *pval;
- ASN1_STRING *pstr;
+ const void *pval;
+ const ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *public_key = NULL;
@@ -184,8 +184,8 @@ dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PR
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
- void *pval;
- ASN1_STRING *pstr;
+ const void *pval;
+ const ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
Index: ec/ec_ameth.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/ec/ec_ameth.c,v
retrieving revision 1.19
diff -u -p -r1.19 ec_ameth.c
--- ec/ec_ameth.c 12 Mar 2018 13:14:21 -0000 1.19
+++ ec/ec_ameth.c 1 May 2018 16:18:46 -0000
@@ -136,12 +136,12 @@ err:
}
static EC_KEY *
-eckey_type2param(int ptype, void *pval)
+eckey_type2param(int ptype, const void *pval)
{
EC_KEY *eckey = NULL;
if (ptype == V_ASN1_SEQUENCE) {
- ASN1_STRING *pstr = pval;
+ const ASN1_STRING *pstr = pval;
const unsigned char *pm = NULL;
int pmlen;
@@ -152,7 +152,7 @@ eckey_type2param(int ptype, void *pval)
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
- ASN1_OBJECT *poid = pval;
+ const ASN1_OBJECT *poid = pval;
EC_GROUP *group;
/*
@@ -187,7 +187,7 @@ static int
eckey_pub_decode(EVP_PKEY * pkey, X509_PUBKEY * pubkey)
{
const unsigned char *p = NULL;
- void *pval;
+ const void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
X509_ALGOR *palg;
@@ -235,7 +235,7 @@ static int
eckey_priv_decode(EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
{
const unsigned char *p = NULL;
- void *pval;
+ const void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
X509_ALGOR *palg;
Index: gost/gostr341001_ameth.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/gost/gostr341001_ameth.c,v
retrieving revision 1.11
diff -u -p -r1.11 gostr341001_ameth.c
--- gost/gostr341001_ameth.c 29 Jan 2017 17:49:23 -0000 1.11
+++ gost/gostr341001_ameth.c 1 May 2018 16:18:47 -0000
@@ -201,7 +201,7 @@ pub_decode_gost01(EVP_PKEY *pk, X509_PUB
== 0)
return 0;
(void)EVP_PKEY_assign_GOST(pk, NULL);
- X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
+ X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg);
if (ptype != V_ASN1_SEQUENCE) {
GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
return 0;
@@ -410,7 +410,7 @@ priv_decode_gost01(EVP_PKEY *pk, PKCS8_P
if (PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf) == 0)
return 0;
(void)EVP_PKEY_assign_GOST(pk, NULL);
- X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
+ X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg);
if (ptype != V_ASN1_SEQUENCE) {
GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
return 0;
Index: x509/x509.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509.h,v
retrieving revision 1.45
diff -u -p -r1.45 x509.h
--- x509/x509.h 1 May 2018 16:14:54 -0000 1.45
+++ x509/x509.h 1 May 2018 16:18:47 -0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.45 2018/05/01 16:14:54 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.44 2018/03/17 15:28:27 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
* All rights reserved.
*
@@ -654,7 +654,8 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SP
int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
-int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig);
+int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
@@ -758,8 +759,8 @@ X509_CRL *X509_CRL_dup(X509_CRL *crl);
X509_REQ *X509_REQ_dup(X509_REQ *req);
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
- X509_ALGOR *algor);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void
**ppval,
+ const X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
@@ -907,14 +908,14 @@ void X509_get0_signature(const ASN1_BIT_
const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
+int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
unsigned char *X509_alias_get0(X509 *x, int *len);
unsigned char *X509_keyid_get0(X509 *x, int *len);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *,
int);
int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
void X509_trust_clear(X509 *x);
void X509_reject_clear(X509 *x);
@@ -999,7 +1000,7 @@ const ASN1_TIME *X509_get0_notAfter(cons
ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
-EVP_PKEY * X509_get0_pubkey(X509 *x);
+EVP_PKEY * X509_get0_pubkey(const X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
@@ -1121,7 +1122,7 @@ int X509_NAME_ENTRY_set_object(X509_NA
ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
const unsigned char *bytes, int len);
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
Index: x509/x509_cmp.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_cmp.c,v
retrieving revision 1.30
diff -u -p -r1.30 x509_cmp.c
--- x509/x509_cmp.c 17 Mar 2018 14:57:23 -0000 1.30
+++ x509/x509_cmp.c 1 May 2018 16:18:47 -0000
@@ -327,7 +327,7 @@ X509_get_pubkey(X509 *x)
}
EVP_PKEY *
-X509_get0_pubkey(X509 *x)
+X509_get0_pubkey(const X509 *x)
{
if (x == NULL || x->cert_info == NULL)
return (NULL);
Index: x509/x509name.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509name.c,v
retrieving revision 1.16
diff -u -p -r1.16 x509name.c
--- x509/x509name.c 4 Apr 2018 11:59:26 -0000 1.16
+++ x509/x509name.c 1 May 2018 16:18:47 -0000
@@ -388,7 +388,7 @@ X509_NAME_ENTRY_set_data(X509_NAME_ENTRY
}
ASN1_OBJECT *
-X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
+X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
{
if (ne == NULL)
return (NULL);
