diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-03-23 08:30:37 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-03-23 08:30:37 +0100 |
| commit | 8cc86b81ac20ff3e933ea7fd107a5a6066032330 (patch) | |
| tree | 5ce8dc7269dd084b99a2ee8ca4b347c68bb51ed8 | |
| parent | 7e06a6758bef584deabc9cb4b0d21b3e664b25c9 (diff) | |
Constify various mostly X509-related parameter types in crypto/ and apps/
in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *,
also some result types of new functions, which does not break compatibility
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10504)
71 files changed, 353 insertions, 317 deletions
@@ -1430,7 +1430,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { - X509_NAME *name = NULL, *CAname = NULL, *subject = NULL; + const X509_NAME *name = NULL; + X509_NAME *CAname = NULL, *subject = NULL; const ASN1_TIME *tm; ASN1_STRING *str, *str2; ASN1_OBJECT *obj; diff --git a/apps/include/apps.h b/apps/include/apps.h index de068d9670..2d22192925 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -91,7 +91,7 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); int chopup_args(ARGS *arg, char *buf); int dump_cert_text(BIO *out, X509 *x); -void print_name(BIO *out, const char *title, X509_NAME *nm, +void print_name(BIO *out, const char *title, const X509_NAME *nm, unsigned long lflags); void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index d407c19895..7c2a5ea5e7 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -968,7 +968,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, return 0; } -void print_name(BIO *out, const char *title, X509_NAME *nm, +void print_name(BIO *out, const char *title, const X509_NAME *nm, unsigned long lflags) { char *buf; @@ -1900,7 +1900,8 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp) * anything. */ -static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm) +static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx, + const X509_NAME *nm) { X509 *x; STACK_OF(X509_CRL) *crls = NULL; diff --git a/apps/ocsp.c b/apps/ocsp.c index 3c6b8cbd88..411f605814 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1081,7 +1081,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, STACK_OF(OCSP_CERTID) *ids) { OCSP_CERTID *id; - X509_NAME *iname; + const X509_NAME *iname; ASN1_BIT_STRING *ikey; ASN1_INTEGER *sno; diff --git a/apps/rehash.c b/apps/rehash.c index e67b27fd15..e21b1b84ae 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -233,7 +233,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) { STACK_OF (X509_INFO) *inf = NULL; X509_INFO *x; - X509_NAME *name = NULL; + const X509_NAME *name = NULL; BIO *b; const char *ext; unsigned char digest[EVP_MAX_MD_SIZE]; diff --git a/apps/req.c b/apps/req.c index a8db866523..4d65fc2831 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1107,8 +1107,7 @@ static int prompt_info(X509_REQ *req, char *type, *value; const char *def; CONF_VALUE *v; - X509_NAME *subj; - subj = X509_REQ_get_subject_name(req); + X509_NAME *subj = X509_REQ_get_subject_name(req); if (!batch) { BIO_printf(bio_err, @@ -1193,8 +1192,7 @@ static int prompt_info(X509_REQ *req, return 0; } if (X509_NAME_entry_count(subj) == 0) { - BIO_printf(bio_err, - "error, no objects specified in config file\n"); + BIO_printf(bio_err, "error, no objects specified in config file\n"); return 0; } diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index ca1c9fc6de..35bd163acb 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -750,7 +750,7 @@ int BIO_set_ex_data(BIO *bio, int idx, void *data) return CRYPTO_set_ex_data(&(bio->ex_data), idx, data); } -void *BIO_get_ex_data(BIO *bio, int idx) +void *BIO_get_ex_data(const BIO *bio, int idx) { return CRYPTO_get_ex_data(&(bio->ex_data), idx); } diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index 9d6d6ceb2c..4c213aa891 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -266,8 +266,8 @@ int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr) /* fill in all fields of the hdr according to the info given in ctx */ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) { - X509_NAME *sender; - X509_NAME *rcp = NULL; + const X509_NAME *sender; + const X509_NAME *rcp = NULL; if (!ossl_assert(ctx != NULL && hdr != NULL)) return 0; diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 353c7ce995..688ccabd7c 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -56,7 +56,7 @@ struct ossl_cmp_ctx_st { int unprotectedErrors; X509 *srvCert; /* certificate used to identify the server */ X509 *validatedSrvCert; /* caches any already validated server cert */ - X509_NAME *expected_sender; /* expected sender in pkiheader of response */ + X509_NAME *expected_sender; /* expected sender in header of response */ X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */ STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */ int ignore_keyusage; /* ignore key usage entry when validating certs */ @@ -95,7 +95,7 @@ struct ossl_cmp_ctx_st { int newPkey_priv; /* flag indicating if newPkey contains private key */ X509_NAME *issuer; /* issuer name to used in cert template */ int days; /* Number of days new certificates are asked to be valid for */ - X509_NAME *subjectName; /* subject name to be used in the cert template */ + X509_NAME *subjectName; /* subject name to be used in cert template */ STACK_OF(GENERAL_NAME) *subjectAltNames; /* to add to the cert template */ int SubjectAltName_nodefault; int setSubjectAltNameCritical; diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 7a1acc2c0b..e4a4f1f3b3 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -185,8 +185,8 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) -static X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, - int bodytype) +static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, + int bodytype) { if (ctx->subjectName != NULL) return ctx->subjectName; @@ -212,7 +212,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) /* refcert defaults to current client cert */ EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); STACK_OF(GENERAL_NAME) *default_sans = NULL; - X509_NAME *subject = determine_subj(ctx, refcert, bodytype); + const X509_NAME *subject = determine_subj(ctx, refcert, bodytype); int crit = ctx->setSubjectAltNameCritical || subject == NULL; /* RFC5280: subjectAltName MUST be critical if subject is null */ X509_EXTENSIONS *exts = NULL; diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index a91f67b264..ce532b3110 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -249,7 +249,7 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, OSSL_CMP_REVDETAILS *details; OSSL_CRMF_CERTID *certId; OSSL_CRMF_CERTTEMPLATE *tmpl; - X509_NAME *issuer; + const X509_NAME *issuer; ASN1_INTEGER *serial; OSSL_CMP_PKISI *si; diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index dd69372f3e..5058f7d2cf 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -567,14 +567,14 @@ ASN1_INTEGER } /* retrieves the issuer name of the given cert template or NULL on error */ -X509_NAME -*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) +const X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->issuer : NULL; } /* retrieves the issuer name of the given CertId or NULL on error */ -X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) +const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) { return cid != NULL && cid->issuer->type == GEN_DIRNAME ? cid->issuer->d.directoryName : NULL; @@ -600,9 +600,9 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, CRMFerr(CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL, CRMF_R_NULL_ARGUMENT); return 0; } - if (subject != NULL && !X509_NAME_set(&tmpl->subject, subject)) + if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject)) return 0; - if (issuer != NULL && !X509_NAME_set(&tmpl->issuer, issuer)) + if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer)) return 0; if (serial != NULL) { ASN1_INTEGER_free(tmpl->serialNumber); diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h index 3f3f75cf2f..3b9cbba8dd 100644 --- a/crypto/crmf/crmf_local.h +++ b/crypto/crmf/crmf_local.h @@ -315,9 +315,9 @@ struct ossl_crmf_certtemplate_st { /* This field is assigned by the CA during certificate creation */ X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */ /* This field is assigned by the CA during certificate creation */ - X509_NAME *issuer; + const X509_NAME *issuer; OSSL_CRMF_OPTIONALVALIDITY *validity; - X509_NAME *subject; + const X509_NAME *subject; X509_PUBKEY *publicKey; ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */ /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */ diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7666e77d39..093695c637 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -171,7 +171,7 @@ int DH_set_ex_data(DH *d, int idx, void *arg) return CRYPTO_set_ex_data(&d->ex_data, idx, arg); } -void *DH_get_ex_data(DH *d, int idx) +void *DH_get_ex_data(const DH *d, int idx) { return CRYPTO_get_ex_data(&d->ex_data, idx); } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 154048a3a3..e3205223e9 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -32,7 +32,7 @@ int DSA_set_ex_data(DSA *d, int idx, void *arg) return CRYPTO_set_ex_data(&d->ex_data, idx, arg); } -void *DSA_get_ex_data(DSA *d, int idx) +void *DSA_get_ex_data(const DSA *d, int idx) { return CRYPTO_get_ex_data(&d->ex_data, idx); } diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 597498c47c..c664a87cb1 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -310,8 +310,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (ctx->pkey == NULL) return 0; - new_mac_ctx = EVP_MAC_CTX_dup((EVP_MAC_CTX *)ctx->pkey - ->pkey.ptr); + new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr); if (new_mac_ctx == NULL) return 0; EVP_MAC_CTX_free(hctx->ctx); diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 8bd55038f2..6523dfec22 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -48,7 +48,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) /* Set requestorName from an X509_NAME structure */ -int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) +int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm) { GENERAL_NAME *gen; diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index bffcf09ddd..c8b698de39 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -430,7 +430,7 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. */ -X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls) +X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls) { X509_EXTENSION *x = NULL; ASN1_IA5STRING *ia5 = NULL; diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 797ac289d4..17a7b8eb93 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -22,7 +22,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer) { - X509_NAME *iname; + const X509_NAME *iname; const ASN1_INTEGER *serial; ASN1_BIT_STRING *ikey; if (!dgst) diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index a364c8a241..421d2f32bf 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -22,7 +22,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); static int ocsp_check_delegated(X509 *x); static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, + const X509_NAME *nm, STACK_OF(X509) *certs, unsigned long flags); /* Verify a basic response message */ @@ -279,7 +279,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, /* If only one ID to match then do it */ if (cid) { const EVP_MD *dgst; - X509_NAME *iname; + const X509_NAME *iname; int mdlen; unsigned char md[EVP_MAX_MD_SIZE]; if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm)) @@ -340,7 +340,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags) { X509 *signer; - X509_NAME *nm; + const X509_NAME *nm; GENERAL_NAME *gen; int ret = 0; X509_STORE_CTX *ctx = X509_STORE_CTX_new(); @@ -414,7 +414,7 @@ end: } static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, + const X509_NAME *nm, STACK_OF(X509) *certs, unsigned long flags) { X509 *signer; diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index d39967ccc4..eaf666a80b 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -509,7 +509,7 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name) } OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, - const ASN1_INTEGER *serial) + const ASN1_INTEGER *serial) { OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); @@ -589,7 +589,7 @@ X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion) } const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH - *criterion) + *criterion) { return criterion->serial; } diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h index c53d4514db..7c4d65b961 100644 |