Here is a larger diff. More of the same. The only noteworthy thing
here is that OpenSSL can't easily change their ASN1-generated version
of X509_NAME_ENTRY_dup(3) into a const function, so we need to cast
const away in X509_NAME_add_entry(3).
Again part of sthen's bulk.
Index: lib/libcrypto/asn1/a_strex.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/asn1/a_strex.c,v
retrieving revision 1.26
diff -u -p -r1.26 a_strex.c
--- lib/libcrypto/asn1/a_strex.c 25 Apr 2018 11:48:21 -0000 1.26
+++ lib/libcrypto/asn1/a_strex.c 18 May 2018 14:45:45 -0000
@@ -440,7 +440,7 @@ do_indent(char_io *io_ch, void *arg, int
#define FN_WIDTH_SN 10
static int
-do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int indent,
+do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent,
unsigned long flags)
{
int i, prev = -1, orflags, cnt;
@@ -582,7 +582,8 @@ do_name_ex(char_io *io_ch, void *arg, X5
/* Wrappers round the main functions */
int
-X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
+X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+ unsigned long flags)
{
if (flags == XN_FLAG_COMPAT)
return X509_NAME_print(out, nm, indent);
@@ -590,7 +591,8 @@ X509_NAME_print_ex(BIO *out, X509_NAME *
}
int
-X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
+X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+ unsigned long flags)
{
if (flags == XN_FLAG_COMPAT) {
BIO *btmp;
Index: lib/libcrypto/asn1/t_x509.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/asn1/t_x509.c,v
retrieving revision 1.30
diff -u -p -r1.30 t_x509.c
--- lib/libcrypto/asn1/t_x509.c 1 May 2018 19:01:27 -0000 1.30
+++ lib/libcrypto/asn1/t_x509.c 18 May 2018 14:45:45 -0000
@@ -490,7 +490,7 @@ err:
}
int
-X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
{
char *s, *c, *b;
int ret = 0, l, i;
Index: lib/libcrypto/x509/x509.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509.h,v
retrieving revision 1.50
diff -u -p -r1.50 x509.h
--- lib/libcrypto/x509/x509.h 18 May 2018 14:19:46 -0000 1.50
+++ lib/libcrypto/x509/x509.h 18 May 2018 14:45:46 -0000
@@ -965,7 +965,7 @@ extern const ASN1_ITEM NETSCAPE_CERT_SEQ
#ifndef OPENSSL_NO_EVP
X509_INFO * X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
-char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+char * X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
unsigned char *md,unsigned int *len);
@@ -1076,11 +1076,13 @@ int X509_print_ex_fp(FILE *bp,X509 *x,
int X509_print_fp(FILE *bp,X509 *x);
int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long
flags);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+ unsigned long flags);
#ifndef OPENSSL_NO_BIO
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long
flags);
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+ unsigned long flags);
int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned
long cflag);
int X509_print(BIO *bp,X509 *x);
int X509_ocspid_print(BIO *bp,X509 *x);
@@ -1090,40 +1092,40 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ
int X509_REQ_print(BIO *bp,X509_REQ *req);
#endif
-int X509_NAME_entry_count(X509_NAME *name);
+int X509_NAME_entry_count(const X509_NAME *name);
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
char *buf,int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
- char *buf,int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name,
+ const ASN1_OBJECT *obj, char *buf,int len);
/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
* lastpos, search after that position on. */
int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
- int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
int loc, int set);
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
- unsigned char *bytes, int len, int loc, int set);
+ const unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
- unsigned char *bytes, int len, int loc, int set);
+ const unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
const char *field, int type, const unsigned char *bytes, int
len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
- int type,unsigned char *bytes, int len);
+ int type, const unsigned char *bytes, int len);
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
const unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
- ASN1_OBJECT *obj, int type,const unsigned char *bytes,
- int len);
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
- ASN1_OBJECT *obj);
+ const ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
const unsigned char *bytes, int len);
ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
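Review bot: `X509_NAME_get_entry()` and `X509_NAME_ENTRY_get_data()` now accept a const object but still return a non-const pointer, so a caller holding only a `const X509_NAME *` can still obtain a writable pointer into it. Judging by the `name->entries` check visible in the x509name.c hunk, the returned entry is presumably the name's own storage rather than a copy. The qualifier therefore promises less than it appears to, which matters where names taken from parsed certificates are shared between callers. I would state that next to the prototypes, e.g. `/* Returns an internal pointer; treat it as read-only when name is const, and do not free it. */`.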
@@ -1179,13 +1181,14 @@ X509_EXTENSION *X509_EXTENSION_create_by
int nid, int crit, ASN1_OCTET_STRING *data);
X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
-int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex,
+ const ASN1_OBJECT *obj);
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
int X509_EXTENSION_set_data(X509_EXTENSION *ex,
ASN1_OCTET_STRING *data);
ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
Index: lib/libcrypto/x509/x509_lu.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_lu.c,v
retrieving revision 1.28
diff -u -p -r1.28 x509_lu.c
--- lib/libcrypto/x509/x509_lu.c 17 Mar 2018 15:43:32 -0000 1.28
+++ lib/libcrypto/x509/x509_lu.c 18 May 2018 14:45:46 -0000
@@ -154,8 +154,8 @@ X509_LOOKUP_by_issuer_serial(X509_LOOKUP
}
int
-X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes,
- int len, X509_OBJECT *ret)
+X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+ const unsigned char *bytes, int len, X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
return X509_LU_FAIL;
@@ -163,7 +163,7 @@ X509_LOOKUP_by_fingerprint(X509_LOOKUP *
}
int
-X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str, int len,
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
Index: lib/libcrypto/x509/x509_obj.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_obj.c,v
retrieving revision 1.17
diff -u -p -r1.17 x509_obj.c
--- lib/libcrypto/x509/x509_obj.c 29 Jan 2017 17:49:23 -0000 1.17
+++ lib/libcrypto/x509/x509_obj.c 18 May 2018 14:45:46 -0000
@@ -66,7 +66,7 @@
#include <openssl/x509.h>
char *
-X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
int i;
Index: lib/libcrypto/x509/x509_v3.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_v3.c,v
retrieving revision 1.15
diff -u -p -r1.15 x509_v3.c
--- lib/libcrypto/x509/x509_v3.c 13 May 2018 10:25:06 -0000 1.15
+++ lib/libcrypto/x509/x509_v3.c 18 May 2018 14:45:46 -0000
@@ -240,7 +240,7 @@ err:
}
int
-X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
+X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
{
if ((ex == NULL) || (obj == NULL))
return (0);
@@ -288,7 +288,7 @@ X509_EXTENSION_get_data(X509_EXTENSION *
}
int
-X509_EXTENSION_get_critical(X509_EXTENSION *ex)
+X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
{
if (ex == NULL)
return (0);
Index: lib/libcrypto/x509/x509_vfy.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.h,v
retrieving revision 1.27
diff -u -p -r1.27 x509_vfy.h
--- lib/libcrypto/x509/x509_vfy.h 20 Mar 2018 15:26:22 -0000 1.27
+++ lib/libcrypto/x509/x509_vfy.h 18 May 2018 14:45:46 -0000
@@ -141,9 +141,9 @@ typedef struct x509_lookup_method_st
int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
ASN1_INTEGER *serial,X509_OBJECT *ret);
int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
- unsigned char *bytes,int len,
+ const unsigned char *bytes,int len,
X509_OBJECT *ret);
- int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
+ int (*get_by_alias)(X509_LOOKUP *ctx,int type, const char *str,int len,
X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
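Review bot: Changing the `get_by_fingerprint` and `get_by_alias` member types alters the `X509_LOOKUP_METHOD` callback contract, and this diff shows no lookup-method implementation being updated to match. Any method table that assigns a function with the old `unsigned char *bytes` or `char *str` parameter would now have an incompatible function pointer type, and a call through it is undefined behaviour even where it happens to work. It is worth confirming that every in-tree method either leaves these two slots NULL or has been converted, and noting the change for out-of-tree users. The struct definition starts outside this hunk.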
@@ -496,8 +496,8 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
ASN1_INTEGER *serial, X509_OBJECT *ret);
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
- unsigned char *bytes, int len, X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
+ const unsigned char *bytes, int len, X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str,
int len, X509_OBJECT *ret);
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
Index: lib/libcrypto/x509/x509name.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509name.c,v
retrieving revision 1.17
diff -u -p -r1.17 x509name.c
--- lib/libcrypto/x509/x509name.c 1 May 2018 19:01:28 -0000 1.17
+++ lib/libcrypto/x509/x509name.c 18 May 2018 14:45:46 -0000
@@ -78,7 +78,7 @@ X509_NAME_get_text_by_NID(X509_NAME *nam
}
int
-X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
+X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf,
int len)
{
int i;
@@ -99,7 +99,7 @@ X509_NAME_get_text_by_OBJ(X509_NAME *nam
}
int
-X509_NAME_entry_count(X509_NAME *name)
+X509_NAME_entry_count(const X509_NAME *name)
{
if (name == NULL)
return (0);
@@ -119,7 +119,7 @@ X509_NAME_get_index_by_NID(X509_NAME *na
/* NOTE: you should be passsing -1, not 0 as lastpos */
int
-X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
+X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int
lastpos)
{
int n;
X509_NAME_ENTRY *ne;
@@ -140,7 +140,7 @@ X509_NAME_get_index_by_OBJ(X509_NAME *na
}
X509_NAME_ENTRY *
-X509_NAME_get_entry(X509_NAME *name, int loc)
+X509_NAME_get_entry(const X509_NAME *name, int loc)
{
if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc ||
loc < 0)
@@ -189,7 +189,7 @@ X509_NAME_delete_entry(X509_NAME *name,
int
X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
- unsigned char *bytes, int len, int loc, int set)
+ const unsigned char *bytes, int len, int loc, int set)
{
X509_NAME_ENTRY *ne;
int ret;
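Review bot: `obj` stays `ASN1_OBJECT *` in `X509_NAME_add_entry_by_OBJ()`, although `bytes` becomes const here and `X509_NAME_ENTRY_create_by_OBJ()` takes `const ASN1_OBJECT *obj` after the later hunk in this file. If the body only forwards `obj` to that function (it lies outside the hunk, so this is an assumption), the parameter could be const as well: `X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,`. The prototype in x509.h would need the same change so the two stay in step.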
@@ -204,7 +204,7 @@ X509_NAME_add_entry_by_OBJ(X509_NAME *na
int
X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
- unsigned char *bytes, int len, int loc, int set)
+ const unsigned char *bytes, int len, int loc, int set)
{
X509_NAME_ENTRY *ne;
int ret;
@@ -235,7 +235,8 @@ X509_NAME_add_entry_by_txt(X509_NAME *na
/* if set is -1, append to previous set, 0 'a new one', and 1,
* prepend to the guy we are about to stomp on. */
int
-X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set)
+X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc,
+ int set)
{
X509_NAME_ENTRY *new_name = NULL;
int n, i, inc;
@@ -268,7 +269,8 @@ X509_NAME_add_entry(X509_NAME *name, X50
set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
}
- if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
+ /* OpenSSL has ASN1-generated X509_NAME_ENTRY_dup() without const. */
+ if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL)
goto err;
new_name->set = set;
if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
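Review bot: The added comment explains why the cast is needed but not why it is safe: discarding const on `ne` is only sound as long as `X509_NAME_ENTRY_dup()` never writes through its argument. The cast also disables the compiler's check at this call site, so a later change to the dup path would go unnoticed. I would record the assumption in the comment, e.g. `/* OpenSSL has ASN1-generated X509_NAME_ENTRY_dup() without const; it must only read ne. */`. The function begins and ends outside this hunk, so the remaining uses of `ne` are not visible here.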
@@ -308,7 +310,7 @@ X509_NAME_ENTRY_create_by_txt(X509_NAME_
X509_NAME_ENTRY *
X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,
- unsigned char *bytes, int len)
+ const unsigned char *bytes, int len)
{
ASN1_OBJECT *obj;
X509_NAME_ENTRY *nentry;
@@ -324,8 +326,8 @@ X509_NAME_ENTRY_create_by_NID(X509_NAME_
}
X509_NAME_ENTRY *
-X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len)
+X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj,
+ int type, const unsigned char *bytes, int len)
{
X509_NAME_ENTRY *ret;
@@ -351,7 +353,7 @@ err:
}
int
-X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
+X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
{
if ((ne == NULL) || (obj == NULL)) {
X509error(ERR_R_PASSED_NULL_PARAMETER);
@@ -396,7 +398,7 @@ X509_NAME_ENTRY_get_object(const X509_NA
}
ASN1_STRING *
-X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
+X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
{
if (ne == NULL)
return (NULL);