If I'm not totally confused, this is the penultimate big batch I have
lined up.

In this diff there are two things I'd like to mention:

* a2i_GENERAL_NAME() grew const for its 'char *value' argument. The
  function contains this piece of code:

                if (!ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
                    strlen(value))) {

  which casts const away again. OpenSSL kept the cast. However:

        int
        ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
        {
                const char *data = _data;

  so I simply removed the (unsigned char *) cast.

* X509V3_get_string() and X509V3_get_section() contained redundant
  checks which disturbed me. I left the removal in the diff, but I
  could understand if people would prefer to keep them.

Index: lib/libcrypto/x509/x509.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509.h,v
retrieving revision 1.50
diff -u -p -r1.50 x509.h
--- lib/libcrypto/x509/x509.h   18 May 2018 14:19:46 -0000      1.50
+++ lib/libcrypto/x509/x509.h   18 May 2018 15:56:44 -0000
@@ -1049,7 +1049,7 @@ int X509_REVOKED_set_serialNumber(X509_R
 
 int            X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
 
-int            X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
+int            X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
 
 int            X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 unsigned long  X509_issuer_and_serial_hash(X509 *a);
@@ -1138,14 +1138,15 @@ X509_EXTENSION *X509v3_delete_ext(STACK_
 STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
                                         X509_EXTENSION *ex, int loc);
 
-int            X509_get_ext_count(X509 *x);
-int            X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int            X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
-int            X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+int            X509_get_ext_count(const X509 *x);
+int            X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int            X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
+                   int lastpos);
+int            X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
 int            X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void   *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void   *       X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
 int            X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
                                                        unsigned long flags);
 
@@ -1217,7 +1218,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTR
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void 
*data, int len);
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
                                        int atrtype, void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
 
Index: lib/libcrypto/x509/x509_att.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_att.c,v
retrieving revision 1.16
diff -u -p -r1.16 x509_att.c
--- lib/libcrypto/x509/x509_att.c       13 May 2018 06:48:00 -0000      1.16
+++ lib/libcrypto/x509/x509_att.c       18 May 2018 15:56:44 -0000
@@ -353,7 +353,7 @@ err:
 }
 
 int
-X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
 {
        if (!attr->single)
                return sk_ASN1_TYPE_num(attr->value.set);
Index: lib/libcrypto/x509/x509_cmp.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_cmp.c,v
retrieving revision 1.32
diff -u -p -r1.32 x509_cmp.c
--- lib/libcrypto/x509/x509_cmp.c       13 May 2018 10:36:35 -0000      1.32
+++ lib/libcrypto/x509/x509_cmp.c       18 May 2018 15:56:44 -0000
@@ -343,12 +343,12 @@ X509_get0_pubkey_bitstr(const X509 *x)
 }
 
 int
-X509_check_private_key(X509 *x, EVP_PKEY *k)
+X509_check_private_key(const X509 *x, const EVP_PKEY *k)
 {
        EVP_PKEY *xk;
        int ret;
 
-       xk = X509_get_pubkey(x);
+       xk = X509_get0_pubkey(x);
 
        if (xk)
                ret = EVP_PKEY_cmp(xk, k);
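Review bot: `xk` is now obtained with `X509_get0_pubkey(x)`, which by the get0 naming convention returns a pointer the caller does not own, so any `EVP_PKEY_free(xk)` further down in X509_check_private_key has to be removed in the same change. The tail of the function is outside this hunk, so it is not visible whether it still releases `xk`. If it does, every call would drop a reference that belongs to the certificate, and the cached key could be freed while the X509 still points at it. Declaring the local as `const EVP_PKEY *xk;` would match the new const parameters and make the compiler complain about a leftover free.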
Index: lib/libcrypto/x509/x509_ext.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_ext.c,v
retrieving revision 1.10
diff -u -p -r1.10 x509_ext.c
--- lib/libcrypto/x509/x509_ext.c       18 May 2018 14:19:46 -0000      1.10
+++ lib/libcrypto/x509/x509_ext.c       18 May 2018 15:56:44 -0000
@@ -121,32 +121,32 @@ X509_CRL_add_ext(X509_CRL *x, X509_EXTEN
 }
 
 int
-X509_get_ext_count(X509 *x)
+X509_get_ext_count(const X509 *x)
 {
        return (X509v3_get_ext_count(x->cert_info->extensions));
 }
 
 int
-X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
+X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
 {
        return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
 }
 
 int
-X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
+X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
 {
        return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
 }
 
 int
-X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
+X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
 {
        return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit,
            lastpos));
 }
 
 X509_EXTENSION *
-X509_get_ext(X509 *x, int loc)
+X509_get_ext(const X509 *x, int loc)
 {
        return (X509v3_get_ext(x->cert_info->extensions, loc));
 }
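Review bot: X509_get_ext() now takes `const X509 *x` but still returns a non-const `X509_EXTENSION *`, so the qualifier does not prevent a caller from changing the certificate's extensions through the result. Assuming the returned pointer refers to the entry stored in `x->cert_info->extensions` (X509v3_get_ext is not shown in this hunk), a comment above the function such as `/* Returns an internal pointer; the caller must not free or modify it. */` would state the contract the new signature only hints at. The same applies to the header prototype in x509.h.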
@@ -164,7 +164,7 @@ X509_add_ext(X509 *x, X509_EXTENSION *ex
 }
 
 void *
-X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
+X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
 {
        return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
 }
Index: lib/libcrypto/x509v3/v3_alt.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509v3/v3_alt.c,v
retrieving revision 1.27
diff -u -p -r1.27 v3_alt.c
--- lib/libcrypto/x509v3/v3_alt.c       29 Jan 2017 17:49:23 -0000      1.27
+++ lib/libcrypto/x509v3/v3_alt.c       18 May 2018 15:56:44 -0000
@@ -69,8 +69,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X50
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
 
 const X509V3_EXT_METHOD v3_alt[] = {
        {
@@ -481,7 +481,7 @@ v2i_GENERAL_NAME(const X509V3_EXT_METHOD
 
 GENERAL_NAME *
 a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
-    X509V3_CTX *ctx, int gen_type, char *value, int is_nc)
+    X509V3_CTX *ctx, int gen_type, const char *value, int is_nc)
 {
        char is_string = 0;
        GENERAL_NAME *gen = NULL;
@@ -553,8 +553,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, cons
 
        if (is_string) {
                if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
-                   !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
-                       strlen(value))) {
+                   !ASN1_STRING_set(gen->d.ia5, value, strlen(value))) {
                        X509V3error(ERR_R_MALLOC_FAILURE);
                        goto err;
                }
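Review bot: On the rewritten line `strlen(value)` is a size_t passed as the `int len` parameter of ASN1_STRING_set, so an over-long value is narrowed silently once the cast is gone and the call reads cleanly. Where `value` comes from is outside this hunk, but if it can be caller- or configuration-supplied, a guard before the call such as `if (strlen(value) > INT_MAX) goto err;` (with a suitable X509V3error) would keep the length well defined. The rest of a2i_GENERAL_NAME lies outside the hunk.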
@@ -609,7 +608,7 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, c
 }
 
 static int
-do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
        char *objtmp = NULL, *p;
        int objlen;
@@ -638,7 +637,7 @@ do_othername(GENERAL_NAME *gen, char *va
 }
 
 static int
-do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
        int ret;
        STACK_OF(CONF_VALUE) *sk;
Index: lib/libcrypto/x509v3/v3_conf.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509v3/v3_conf.c,v
retrieving revision 1.22
diff -u -p -r1.22 v3_conf.c
--- lib/libcrypto/x509v3/v3_conf.c      13 May 2018 17:49:02 -0000      1.22
+++ lib/libcrypto/x509v3/v3_conf.c      18 May 2018 15:56:45 -0000
@@ -411,27 +411,23 @@ X509V3_EXT_REQ_add_nconf(CONF *conf, X50
 /* Config database functions */
 
 char *
-X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
 {
        if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
                X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
                return NULL;
        }
-       if (ctx->db_meth->get_string)
-               return ctx->db_meth->get_string(ctx->db, name, section);
-       return NULL;
+       return ctx->db_meth->get_string(ctx->db, name, section);
 }
 
 STACK_OF(CONF_VALUE) *
-X509V3_get_section(X509V3_CTX *ctx, char *section)
+X509V3_get_section(X509V3_CTX *ctx, const char *section)
 {
        if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
                X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
                return NULL;
        }
-       if (ctx->db_meth->get_section)
-               return ctx->db_meth->get_section(ctx->db, section);
-       return NULL;
+       return ctx->db_meth->get_section(ctx->db, section);
 }
 
 void
Index: lib/libcrypto/x509v3/v3_utl.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509v3/v3_utl.c,v
retrieving revision 1.28
diff -u -p -r1.28 v3_utl.c
--- lib/libcrypto/x509v3/v3_utl.c       25 Apr 2018 11:48:21 -0000      1.28
+++ lib/libcrypto/x509v3/v3_utl.c       18 May 2018 15:56:45 -0000
@@ -140,7 +140,7 @@ X509V3_add_value_bool(const char *name, 
 }
 
 int
-X509V3_add_value_bool_nf(char *name, int asn1_bool,
+X509V3_add_value_bool_nf(const char *name, int asn1_bool,
     STACK_OF(CONF_VALUE) **extlist)
 {
        if (asn1_bool)
@@ -246,7 +246,7 @@ X509V3_add_value_int(const char *name, A
 }
 
 int
-X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
 {
        char *btmp;
 
@@ -271,7 +271,7 @@ err:
 }
 
 int
-X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
 {
        ASN1_INTEGER *itmp;
 
Index: lib/libcrypto/x509v3/x509v3.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509v3/x509v3.h,v
retrieving revision 1.25
diff -u -p -r1.25 x509v3.h
--- lib/libcrypto/x509v3/x509v3.h       13 May 2018 17:49:03 -0000      1.25
+++ lib/libcrypto/x509v3/x509v3.h       18 May 2018 15:56:45 -0000
@@ -686,7 +686,7 @@ extern const ASN1_ITEM POLICY_CONSTRAINT
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                               const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                              int gen_type, char *value, int is_nc);
+                              int gen_type, const char *value, int is_nc);
 
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX 
*ctx,
@@ -720,16 +720,17 @@ int X509V3_EXT_REQ_add_conf(LHASH_OF(CON
 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
     const char *section, X509_CRL *crl);
 
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
                             STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
 #endif
 
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
+    const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
 void X509V3_string_free(X509V3_CTX *ctx, char *str);
 void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
