Constify the RSA parts of the ASN.1 library. Note some ugly casts

that are needed in the ASN.1 macros.  Hopefully, we can get rid of
those in an elegant way in the future.

9 files changed, 27 insertions, 23 deletions

diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index 4512ba6cc6..be65b7b54f 100644
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -76,8 +76,8 @@ extern "C" {
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=pp; \
-	c.q= *pp; \
+	c.pp=(unsigned char **)pp; \
+	c.q= *(unsigned char **)pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);
 
 #define M_ASN1_D2I_Init() \
-	c.p= *pp; \
+	c.p= *(unsigned char **)pp; \
 	c.max=(length == 0)?0:(c.p+length);
 
 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*pp=c.p; \
+	*(unsigned char **)pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);
 
@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*pp,(int)(c.q- *pp)); \
+	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
 
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c92b8325d8..6c3096d6ff 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -84,7 +84,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 		{
 #ifndef NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index e0d203cef7..fdbc0ac9e8 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -84,7 +84,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 		{
 #ifndef NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
diff --git a/crypto/asn1/d2i_r_pr.c b/crypto/asn1/d2i_r_pr.c
index 6c8a45f821..3d2dd65637 100644
--- a/crypto/asn1/d2i_r_pr.c
+++ b/crypto/asn1/d2i_r_pr.c
@@ -75,7 +75,7 @@ ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
 	return(&method);
 	}
 
-RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
+RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
diff --git a/crypto/asn1/d2i_r_pu.c b/crypto/asn1/d2i_r_pu.c
index 9e5d41cf53..0d11d85983 100644
--- a/crypto/asn1/d2i_r_pu.c
+++ b/crypto/asn1/d2i_r_pu.c
@@ -68,7 +68,7 @@
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif
 
-RSA *d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length)
+RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
diff --git a/crypto/asn1/i2d_r_pr.c b/crypto/asn1/i2d_r_pr.c
index 88b1aac989..518f4af9a6 100644
--- a/crypto/asn1/i2d_r_pr.c
+++ b/crypto/asn1/i2d_r_pr.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
 
-int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
+int i2d_RSAPrivateKey(const RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[9];
 	unsigned char data[1];
diff --git a/crypto/asn1/i2d_r_pu.c b/crypto/asn1/i2d_r_pu.c
index 8178c2c3b3..4a07ff961e 100644
--- a/crypto/asn1/i2d_r_pu.c
+++ b/crypto/asn1/i2d_r_pu.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
 
-int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
+int i2d_RSAPublicKey(const RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[2];
 	ASN1_INTEGER bs;
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 9840193538..b091eac5d2 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -80,12 +80,12 @@ static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, lo
 static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
 static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
 
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
 {
 	return i2d_RSA_NET(a, pp, cb, 0);
 }
 
-int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	{
 	int i,j,l[6];
 	NETSCAPE_PKEY *pkey;
@@ -205,18 +205,18 @@ err:
 	}
 
 
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
 {
 	return d2i_RSA_NET(a, pp, length, cb, 0);
 }
 
-RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
 	{
 	RSA *ret=NULL;
 	ASN1_OCTET_STRING *os=NULL;
 	ASN1_CTX c;
 
-	c.pp=pp;
+	c.pp=(unsigned char **)pp; /* TMP UGLY CAST */
 	c.error=ASN1_R_DECODING_ERROR;
 
 	M_ASN1_D2I_Init();
@@ -231,7 +231,8 @@ RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgck
 		}
 	M_ASN1_BIT_STRING_free(os);
 	c.q=c.p;
-	if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
+	if ((ret=d2i_RSA_NET_2(a,(const unsigned char **)&c.p, /* TMP UGLY CAST */
+			       c.slen,cb, sgckey)) == NULL) goto err;
 	/* Note: some versions of IIS key files use length values that are
 	 * too small for the surrounding SEQUENCEs. This following line
 	 * effectively disable length checking.
@@ -241,13 +242,13 @@ RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgck
 	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
 	}
 
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
+RSA *d2i_Netscape_RSA_2(RSA **a, const unsigned char **pp, long length,
 	     int (*cb)())
 {
 	return d2i_RSA_NET_2(a, pp, length, cb, 0);
 }
 
-RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
+RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length,
 	     int (*cb)(), int sgckey)
 	{
 	NETSCAPE_PKEY *pkey=NULL;
@@ -261,7 +262,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 	ASN1_CTX c;
 
 	c.error=ERR_R_NESTED_ASN1_ERROR;
-	c.pp=pp;
+	c.pp=(unsigned char **)pp;
 
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
@@ -310,7 +311,8 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 		}
 		
 	zz=pkey->private_key->data;
-	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
+	if ((ret=d2i_RSAPrivateKey(a,(const unsigned char **)&zz, /* TMP UGLY CAST */
+		pkey->private_key->length)) == NULL)
 		{
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
 		goto err;
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index ae18da96e3..f204326386 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -74,7 +74,7 @@ static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
 #ifndef NO_RSA
 #ifndef NO_FP_API
-int RSA_print_fp(FILE *fp, RSA *x, int off)
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
         {
         BIO *b;
         int ret;
@@ -91,7 +91,7 @@ int RSA_print_fp(FILE *fp, RSA *x, int off)
         }
 #endif
 
-int RSA_print(BIO *bp, RSA *x, int off)
+int RSA_print(BIO *bp, const RSA *x, int off)
 	{
 	char str[128];
 	const char *s;