If I'm not totally confused, this is the penultimate big batch I have lined up.
In this diff there are two things I'd like to mention: * a2i_GENERAL_NAME() grew const for its 'char *value' argument. The function contains this piece of code: if (!ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, strlen(value))) { which casts const away again. OpenSSL kept the cast. However: int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) { const char *data = _data; so I simply removed the (unsigned char *) cast. * X509V3_get_string() and X509V3_get_section() contained redundant checks which disturbed me. I left the removal in the diff, but I could understand if people would prefer to keep them. Index: lib/libcrypto/x509/x509.h =================================================================== RCS file: /cvs/src/lib/libcrypto/x509/x509.h,v retrieving revision 1.50 diff -u -p -r1.50 x509.h --- lib/libcrypto/x509/x509.h 18 May 2018 14:19:46 -0000 1.50 +++ lib/libcrypto/x509/x509.h 18 May 2018 15:56:44 -0000 @@ -1049,7 +1049,7 @@ int X509_REVOKED_set_serialNumber(X509_R int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); -int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); 
@@ -1138,14 +1138,15 @@ X509_EXTENSION *X509v3_delete_ext(STACK_ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc); -int X509_get_ext_count(X509 *x); -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); -X509_EXTENSION *X509_get_ext(X509 *x, int loc); +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); X509_EXTENSION *X509_delete_ext(X509 *x, int loc); int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +void * X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); @@ -1217,7 +1218,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTR int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data); -int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); Index: lib/libcrypto/x509/x509_att.c =================================================================== RCS file: /cvs/src/lib/libcrypto/x509/x509_att.c,v retrieving revision 1.16 diff -u -p -r1.16 x509_att.c --- lib/libcrypto/x509/x509_att.c 13 May 2018 06:48:00 -0000 1.16 +++ lib/libcrypto/x509/x509_att.c 18 May 2018 15:56:44 -0000 
@@ -353,7 +353,7 @@ err: } int -X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) +X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr) { if (!attr->single) return sk_ASN1_TYPE_num(attr->value.set); Index: lib/libcrypto/x509/x509_cmp.c =================================================================== RCS file: /cvs/src/lib/libcrypto/x509/x509_cmp.c,v retrieving revision 1.32 diff -u -p -r1.32 x509_cmp.c --- lib/libcrypto/x509/x509_cmp.c 13 May 2018 10:36:35 -0000 1.32 +++ lib/libcrypto/x509/x509_cmp.c 18 May 2018 15:56:44 -0000 @@ -343,12 +343,12 @@ X509_get0_pubkey_bitstr(const X509 *x) } int -X509_check_private_key(X509 *x, EVP_PKEY *k) +X509_check_private_key(const X509 *x, const EVP_PKEY *k) { EVP_PKEY *xk; int ret; - xk = X509_get_pubkey(x); + xk = X509_get0_pubkey(x); if (xk) ret = EVP_PKEY_cmp(xk, k); Index: lib/libcrypto/x509/x509_ext.c =================================================================== RCS file: /cvs/src/lib/libcrypto/x509/x509_ext.c,v retrieving revision 1.10 diff -u -p -r1.10 x509_ext.c --- lib/libcrypto/x509/x509_ext.c 18 May 2018 14:19:46 -0000 1.10 +++ lib/libcrypto/x509/x509_ext.c 18 May 2018 15:56:44 -0000 
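Review bot: In X509_check_private_key() (x509_cmp.c) the switch from `X509_get_pubkey(x)` to `X509_get0_pubkey(x)` changes who owns `xk`: the old call returns a reference the caller must release, while the get0 form returns the certificate's own key without taking a reference. The function continues past the end of this 12-line hunk, and nothing visible here removes a release of `xk`. If the tail still calls `EVP_PKEY_free(xk)`, every call drops a reference the certificate still relies on, which ends in a use-after-free or double free of its public key. That release has to go in the same change. `xk` could then be declared `const EVP_PKEY *xk;` (assuming EVP_PKEY_cmp() already takes const arguments, as passing the const `k` suggests) so the compiler rejects any later attempt to free it.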
@@ -121,32 +121,32 @@ X509_CRL_add_ext(X509_CRL *x, X509_EXTEN } int -X509_get_ext_count(X509 *x) +X509_get_ext_count(const X509 *x) { return (X509v3_get_ext_count(x->cert_info->extensions)); } int -X509_get_ext_by_NID(X509 *x, int nid, int lastpos) +X509_get_ext_by_NID(const X509 *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); } int -X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) +X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos) { return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); } int -X509_get_ext_by_critical(X509 *x, int crit, int lastpos) +X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) { return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit, lastpos)); } X509_EXTENSION * -X509_get_ext(X509 *x, int loc) +X509_get_ext(const X509 *x, int loc) { return (X509v3_get_ext(x->cert_info->extensions, loc)); } @@ -164,7 +164,7 @@ X509_add_ext(X509 *x, X509_EXTENSION *ex } void * -X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) +X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); } Index: lib/libcrypto/x509v3/v3_alt.c =================================================================== RCS file: /cvs/src/lib/libcrypto/x509v3/v3_alt.c,v retrieving revision 1.27 diff -u -p -r1.27 v3_alt.c --- lib/libcrypto/x509v3/v3_alt.c 29 Jan 2017 17:49:23 -0000 1.27 +++ lib/libcrypto/x509v3/v3_alt.c 18 May 2018 15:56:44 -0000 
@@ -69,8 +69,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X50 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); -static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); -static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); +static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); const X509V3_EXT_METHOD v3_alt[] = { { @@ -481,7 +481,7 @@ v2i_GENERAL_NAME(const X509V3_EXT_METHOD GENERAL_NAME * a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, char *value, int is_nc) + X509V3_CTX *ctx, int gen_type, const char *value, int is_nc) { char is_string = 0; GENERAL_NAME *gen = NULL; @@ -553,8 +553,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, cons if (is_string) { if (!(gen->d.ia5 = ASN1_IA5STRING_new()) || - !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, - strlen(value))) { + !ASN1_STRING_set(gen->d.ia5, value, strlen(value))) { X509V3error(ERR_R_MALLOC_FAILURE); goto err; } @@ -609,7 +608,7 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, c } static int -do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) +do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { char *objtmp = NULL, *p; int objlen; 
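Review bot: In the a2i_GENERAL_NAME() hunk at -553, `strlen(value)` yields a size_t, but ASN1_STRING_set() takes `int len` (its signature is quoted in the description), so the length is narrowed implicitly at the call. `value` presumably comes from configuration or caller-supplied text, so a length above INT_MAX would be truncated or turn negative instead of being rejected. A guard before the call, such as `if (strlen(value) > INT_MAX) goto err;` preceded by a fitting X509V3error(), would make the bound explicit. The enclosing function starts and ends outside the hunk.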
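Review bot: do_othername() now takes `const char *value`, but the declaration kept as context directly below the new signature is still `char *objtmp = NULL, *p;`. If `p` is used to search or walk `value` (the body is outside the hunk, so this is inferred), it becomes a writable alias to a string the signature promises not to modify, and C's strchr()-style functions return such a pointer without a warning. Declaring it separately as `const char *p;` lets the compiler enforce the new contract.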
@@ -638,7 +637,7 @@ do_othername(GENERAL_NAME *gen, char *va } static int -do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) +do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { int ret; STACK_OF(CONF_VALUE) *sk; Index: lib/libcrypto/x509v3/v3_conf.c =================================================================== RCS file: /cvs/src/lib/libcrypto/x509v3/v3_conf.c,v retrieving revision 1.22 diff -u -p -r1.22 v3_conf.c --- lib/libcrypto/x509v3/v3_conf.c 13 May 2018 17:49:02 -0000 1.22 +++ lib/libcrypto/x509v3/v3_conf.c 18 May 2018 15:56:45 -0000 @@ -411,27 +411,23 @@ X509V3_EXT_REQ_add_nconf(CONF *conf, X50 /* Config database functions */ char * -X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) +X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { X509V3error(X509V3_R_OPERATION_NOT_DEFINED); return NULL; } - if (ctx->db_meth->get_string) - return ctx->db_meth->get_string(ctx->db, name, section); - return NULL; + return ctx->db_meth->get_string(ctx->db, name, section); } STACK_OF(CONF_VALUE) * -X509V3_get_section(X509V3_CTX *ctx, char *section) +X509V3_get_section(X509V3_CTX *ctx, const char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { X509V3error(X509V3_R_OPERATION_NOT_DEFINED); return NULL; } - if (ctx->db_meth->get_section) - return ctx->db_meth->get_section(ctx->db, section); - return NULL; + return ctx->db_meth->get_section(ctx->db, section); } void Index: lib/libcrypto/x509v3/v3_utl.c =================================================================== RCS file: /cvs/src/lib/libcrypto/x509v3/v3_utl.c,v retrieving revision 1.28 diff -u -p -r1.28 v3_utl.c --- lib/libcrypto/x509v3/v3_utl.c 25 Apr 2018 11:48:21 -0000 1.28 +++ lib/libcrypto/x509v3/v3_utl.c 18 May 2018 15:56:45 -0000 
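Review bot: X509V3_get_string() and X509V3_get_section() in v3_conf.c still have no comment stating their preconditions or who owns the result, even though the const-qualified inputs now make the non-const return values stand out. Both dereference `ctx` in the first condition without checking it, so a NULL `ctx` is a caller error that should be documented. The header declares X509V3_string_free() and X509V3_section_free(), which are presumably the matching release calls. A comment above each function, for example `/* ctx must be non-NULL; release the result with X509V3_string_free(). */` and the section_free equivalent, would record both facts.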
@@ -140,7 +140,7 @@ X509V3_add_value_bool(const char *name, } int -X509V3_add_value_bool_nf(char *name, int asn1_bool, +X509V3_add_value_bool_nf(const char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist) { if (asn1_bool) @@ -246,7 +246,7 @@ X509V3_add_value_int(const char *name, A } int -X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) +X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) { char *btmp; @@ -271,7 +271,7 @@ err: } int -X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) +X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) { ASN1_INTEGER *itmp; Index: lib/libcrypto/x509v3/x509v3.h =================================================================== RCS file: /cvs/src/lib/libcrypto/x509v3/x509v3.h,v retrieving revision 1.25 diff -u -p -r1.25 x509v3.h --- lib/libcrypto/x509v3/x509v3.h 13 May 2018 17:49:03 -0000 1.25 +++ lib/libcrypto/x509v3/x509v3.h 18 May 2018 15:56:45 -0000 @@ -686,7 +686,7 @@ extern const ASN1_ITEM POLICY_CONSTRAINT GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - int gen_type, char *value, int is_nc); + int gen_type, const char *value, int is_nc); #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 
@@ -720,16 +720,17 @@ int X509V3_EXT_REQ_add_conf(LHASH_OF(CON int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *section, X509_CRL *crl); -int X509V3_add_value_bool_nf(char *name, int asn1_bool, +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); -int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); -int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); #endif -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, + const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); void X509V3_string_free(X509V3_CTX *ctx, char *str); void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,