Here's a slightly more interesting one. It adds const to the 'section',
'name' and 'value' parameters of the X509_EXT_* family of
functions. We also need to adjust the get_section() and get_string()
members of the X509V3_CONF_METHOD_st structure to match OpenSSL's, as
well as a handful of internal functions. As usual, run through a bulk
by sthen.
Index: lib/libcrypto/x509v3/v3_conf.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509v3/v3_conf.c,v
retrieving revision 1.21
diff -u -p -r1.21 v3_conf.c
--- lib/libcrypto/x509v3/v3_conf.c 29 Jan 2017 17:49:23 -0000 1.21
+++ lib/libcrypto/x509v3/v3_conf.c 13 May 2018 15:38:36 -0000
@@ -66,23 +66,27 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
- int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+ int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
int crit, int type, X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static char *conf_lhash_get_string(void *db, const char *section,
+ const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
+ const char *section);
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long
*ext_len);
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+ long *ext_len);
/* CONF *conf: Config file */
/* char *name: Name */
/* char *value: Value */
X509_EXTENSION *
-X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
+X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value)
{
int crit;
int ext_type;
@@ -102,7 +106,8 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX
/* CONF *conf: Config file */
/* char *value: Value */
X509_EXTENSION *
-X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
+X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value)
{
int crit;
int ext_type;
@@ -117,7 +122,8 @@ X509V3_EXT_nconf_nid(CONF *conf, X509V3_
/* CONF *conf: Config file */
/* char *value: Value */
static X509_EXTENSION *
-do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
+do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit,
+ const char *value)
{
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
@@ -233,9 +239,9 @@ X509V3_EXT_i2d(int ext_nid, int crit, vo
/* Check the extension string for critical flag */
static int
-v3_check_critical(char **value)
+v3_check_critical(const char **value)
{
- char *p = *value;
+ const char *p = *value;
if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
return 0;
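Review bot: `*value` goes straight into `strlen(p)` with no NULL test in the visible lines, and v3_check_generic in the next hunk does the same. Whether a NULL value can reach these helpers depends on callers that are not shown here, so it is worth confirming rather than assuming. If it can, a guard at the public entry points, for example `if (value == NULL) return NULL;`, would turn a crash into an error return. The body of v3_check_critical continues past the hunk.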
@@ -247,10 +253,10 @@ v3_check_critical(char **value)
/* Check extension string for generic extension and return the type */
static int
-v3_check_generic(char **value)
+v3_check_generic(const char **value)
{
int gen_type = 0;
- char *p = *value;
+ const char *p = *value;
if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
p += 4;
@@ -269,7 +275,7 @@ v3_check_generic(char **value)
/* Create a generic extension: for now just handle DER type */
static X509_EXTENSION *
-v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
+v3_generic_extension(const char *ext, const char *value, int crit, int
gen_type,
X509V3_CTX *ctx)
{
unsigned char *ext_der = NULL;
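Review bot: The new first line of the v3_generic_extension definition is left at 80 characters, while the other signatures in this file that grew too long were wrapped onto a continuation line. It is also the line that was folded in transit here (`int` / `gen_type,`). Breaking after `int crit,` and putting `int gen_type, X509V3_CTX *ctx)` on the continuation line would match the rest of the patch. The function body continues outside the hunk.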
@@ -318,7 +324,7 @@ err:
}
static unsigned char *
-generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
+generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len)
{
ASN1_TYPE *typ;
unsigned char *ext_der = NULL;
@@ -336,7 +342,7 @@ generic_asn1(char *value, X509V3_CTX *ct
*/
int
-X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
STACK_OF(X509_EXTENSION) **sk)
{
X509_EXTENSION *ext;
@@ -360,7 +366,8 @@ X509V3_EXT_add_nconf_sk(CONF *conf, X509
/* Convenience functions to add extensions to a certificate, CRL and request */
int
-X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
+X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -372,7 +379,7 @@ X509V3_EXT_add_nconf(CONF *conf, X509V3_
/* Same as above but for a CRL */
int
-X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509_CRL *crl)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -385,7 +392,7 @@ X509V3_EXT_CRL_add_nconf(CONF *conf, X50
/* Add extensions to certificate request */
int
-X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509_REQ *req)
{
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
@@ -446,13 +453,13 @@ X509V3_section_free(X509V3_CTX *ctx, STA
}
static char *
-nconf_get_string(void *db, char *section, char *value)
+nconf_get_string(void *db, const char *section, const char *value)
{
return NCONF_get_string(db, section, value);
}
-static
-STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *
+nconf_get_section(void *db, const char *section)
{
return NCONF_get_section(db, section);
}
@@ -485,8 +492,8 @@ X509V3_set_ctx(X509V3_CTX *ctx, X509 *is
/* Old conf compatibility functions */
X509_EXTENSION *
-X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
- char *value)
+X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name,
+ const char *value)
{
CONF ctmp;
@@ -498,7 +505,7 @@ X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *co
/* char *value: Value */
X509_EXTENSION *
X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
- char *value)
+ const char *value)
{
CONF ctmp;
@@ -507,13 +514,13 @@ X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE)
}
static char *
-conf_lhash_get_string(void *db, char *section, char *value)
+conf_lhash_get_string(void *db, const char *section, const char *value)
{
return CONF_get_string(db, section, value);
}
static STACK_OF(CONF_VALUE) *
-conf_lhash_get_section(void *db, char *section)
+conf_lhash_get_section(void *db, const char *section)
{
return CONF_get_section(db, section);
}
@@ -533,8 +540,8 @@ X509V3_set_conf_lhash(X509V3_CTX *ctx, L
}
int
-X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
- X509 *cert)
+X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509 *cert)
{
CONF ctmp;
@@ -546,7 +553,7 @@ X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE)
int
X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_CRL *crl)
+ const char *section, X509_CRL *crl)
{
CONF ctmp;
@@ -558,7 +565,7 @@ X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VA
int
X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_REQ *req)
+ const char *section, X509_REQ *req)
{
CONF ctmp;
Index: lib/libcrypto/x509v3/x509v3.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509v3/x509v3.h,v
retrieving revision 1.24
diff -u -p -r1.24 x509v3.h
--- lib/libcrypto/x509v3/x509v3.h 13 May 2018 15:03:01 -0000 1.24
+++ lib/libcrypto/x509v3/x509v3.h 13 May 2018 15:38:36 -0000
@@ -121,9 +121,9 @@ void *usr_data; /* Any extension specifi
};
typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
+char * (*get_string)(void *db, const char *section, const char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, const char *section);
+void (*free_string)(void *db, char *string);
void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;
@@ -696,23 +696,29 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERA
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
void X509V3_conf_free(CONF_VALUE *val);
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char
*value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509
*cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl);
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl);
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX
*ctx,
- int ext_nid, char *value);
+ int ext_nid, const char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *name, char *value);
+ const char *name, const char *value);
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509 *cert);
+ const char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_REQ *req);
+ const char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_CRL *crl);
+ const char *section, X509_CRL *crl);
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);