authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-23 08:30:37 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-23 08:30:37 +0100
commit8cc86b81ac20ff3e933ea7fd107a5a6066032330 (patch)
tree5ce8dc7269dd084b99a2ee8ca4b347c68bb51ed8 /crypto
parent7e06a6758bef584deabc9cb4b0d21b3e664b25c9 (diff)
Constify various mostly X509-related parameter types in crypto/ and apps/
in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10504)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/bio/bio_lib.c2
-rw-r--r--crypto/cmp/cmp_hdr.c4
-rw-r--r--crypto/cmp/cmp_local.h4
-rw-r--r--crypto/cmp/cmp_msg.c6
-rw-r--r--crypto/cmp/cmp_server.c2
-rw-r--r--crypto/crmf/crmf_lib.c10
-rw-r--r--crypto/crmf/crmf_local.h4
-rw-r--r--crypto/dh/dh_lib.c2
-rw-r--r--crypto/dsa/dsa_lib.c2
-rw-r--r--crypto/evp/pkey_mac.c3
-rw-r--r--crypto/ocsp/ocsp_cl.c2
-rw-r--r--crypto/ocsp/ocsp_ext.c2
-rw-r--r--crypto/ocsp/ocsp_lib.c2
-rw-r--r--crypto/ocsp/ocsp_vfy.c8
-rw-r--r--crypto/store/store_lib.c4
-rw-r--r--crypto/store/store_local.h2
-rw-r--r--crypto/ui/ui_lib.c2
-rw-r--r--crypto/x509/by_dir.c8
-rw-r--r--crypto/x509/by_store.c5
-rw-r--r--crypto/x509/pcy_lib.c2
-rw-r--r--crypto/x509/t_x509.c2
-rw-r--r--crypto/x509/v3_crld.c2
-rw-r--r--crypto/x509/v3_ncons.c6
-rw-r--r--crypto/x509/v3_purp.c2
-rw-r--r--crypto/x509/v3_utl.c6
-rw-r--r--crypto/x509/x509_cmp.c12
-rw-r--r--crypto/x509/x509_local.h14
-rw-r--r--crypto/x509/x509_lu.c67
-rw-r--r--crypto/x509/x509_r2x.c2
-rw-r--r--crypto/x509/x509_set.c4
-rw-r--r--crypto/x509/x509_vfy.c68
-rw-r--r--crypto/x509/x509_vpm.c2
-rw-r--r--crypto/x509/x509cset.c2
-rw-r--r--crypto/x509/x509name.c16
-rw-r--r--crypto/x509/x509rset.c2
-rw-r--r--crypto/x509/x_crl.c16
-rw-r--r--crypto/x509/x_name.c2
-rw-r--r--crypto/x509/x_x509.c2
38 files changed, 158 insertions, 145 deletions
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index ca1c9fc6de..35bd163acb 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -750,7 +750,7 @@ int BIO_set_ex_data(BIO *bio, int idx, void *data)
return CRYPTO_set_ex_data(&(bio->ex_data), idx, data);
}
-void *BIO_get_ex_data(BIO *bio, int idx)
+void *BIO_get_ex_data(const BIO *bio, int idx)
{
return CRYPTO_get_ex_data(&(bio->ex_data), idx);
}
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index 9d6d6ceb2c..4c213aa891 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -266,8 +266,8 @@ int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr)
/* fill in all fields of the hdr according to the info given in ctx */
int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
{
- X509_NAME *sender;
- X509_NAME *rcp = NULL;
+ const X509_NAME *sender;
+ const X509_NAME *rcp = NULL;
if (!ossl_assert(ctx != NULL && hdr != NULL))
return 0;
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 353c7ce995..688ccabd7c 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -56,7 +56,7 @@ struct ossl_cmp_ctx_st {
int unprotectedErrors;
X509 *srvCert; /* certificate used to identify the server */
X509 *validatedSrvCert; /* caches any already validated server cert */
- X509_NAME *expected_sender; /* expected sender in pkiheader of response */
+ X509_NAME *expected_sender; /* expected sender in header of response */
X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */
int ignore_keyusage; /* ignore key usage entry when validating certs */
@@ -95,7 +95,7 @@ struct ossl_cmp_ctx_st {
int newPkey_priv; /* flag indicating if newPkey contains private key */
X509_NAME *issuer; /* issuer name to used in cert template */
int days; /* Number of days new certificates are asked to be valid for */
- X509_NAME *subjectName; /* subject name to be used in the cert template */
+ X509_NAME *subjectName; /* subject name to be used in cert template */
STACK_OF(GENERAL_NAME) *subjectAltNames; /* to add to the cert template */
int SubjectAltName_nodefault;
int setSubjectAltNameCritical;
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 7a1acc2c0b..e4a4f1f3b3 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -185,8 +185,8 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype)
(sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \
|| OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1)
-static X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert,
- int bodytype)
+static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert,
+ int bodytype)
{
if (ctx->subjectName != NULL)
return ctx->subjectName;
@@ -212,7 +212,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
/* refcert defaults to current client cert */
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
STACK_OF(GENERAL_NAME) *default_sans = NULL;
- X509_NAME *subject = determine_subj(ctx, refcert, bodytype);
+ const X509_NAME *subject = determine_subj(ctx, refcert, bodytype);
int crit = ctx->setSubjectAltNameCritical || subject == NULL;
/* RFC5280: subjectAltName MUST be critical if subject is null */
X509_EXTENSIONS *exts = NULL;
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index a91f67b264..ce532b3110 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -249,7 +249,7 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
OSSL_CMP_REVDETAILS *details;
OSSL_CRMF_CERTID *certId;
OSSL_CRMF_CERTTEMPLATE *tmpl;
- X509_NAME *issuer;
+ const X509_NAME *issuer;
ASN1_INTEGER *serial;
OSSL_CMP_PKISI *si;
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index dd69372f3e..5058f7d2cf 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -567,14 +567,14 @@ ASN1_INTEGER
}
/* retrieves the issuer name of the given cert template or NULL on error */
-X509_NAME
-*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
+const X509_NAME
+ *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->issuer : NULL;
}
/* retrieves the issuer name of the given CertId or NULL on error */
-X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
+const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
{
return cid != NULL && cid->issuer->type == GEN_DIRNAME ?
cid->issuer->d.directoryName : NULL;
@@ -600,9 +600,9 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
CRMFerr(CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL, CRMF_R_NULL_ARGUMENT);
return 0;
}
- if (subject != NULL && !X509_NAME_set(&tmpl->subject, subject))
+ if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject))
return 0;
- if (issuer != NULL && !X509_NAME_set(&tmpl->issuer, issuer))
+ if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer))
return 0;
if (serial != NULL) {
ASN1_INTEGER_free(tmpl->serialNumber);
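Review bot: The two `(X509_NAME **)` casts in OSSL_CRMF_CERTTEMPLATE_fill strip the `const` that this same commit adds to `tmpl->subject` and `tmpl->issuer` in crmf_local.h, so the qualifier on the fields no longer describes how they are used. X509_NAME_set is handed the address of each field in order to replace what it points at, which suggests the template owns these names rather than borrowing read-only ones. Keeping the fields as plain `X509_NAME *` and leaving `const` only on the get0 return types would remove both casts and let the compiler keep checking ownership; if the const fields stay, the declarations deserve a comment such as `/* owned by the template; const only to match the get0 accessors */`. The function starts and ends outside this hunk.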
diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h
index 3f3f75cf2f..3b9cbba8dd 100644
--- a/crypto/crmf/crmf_local.h
+++ b/crypto/crmf/crmf_local.h
@@ -315,9 +315,9 @@ struct ossl_crmf_certtemplate_st {
/* This field is assigned by the CA during certificate creation */
X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */
/* This field is assigned by the CA during certificate creation */
- X509_NAME *issuer;
+ const X509_NAME *issuer;
OSSL_CRMF_OPTIONALVALIDITY *validity;
- X509_NAME *subject;
+ const X509_NAME *subject;
X509_PUBKEY *publicKey;
ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */
/* According to rfc 3280: UniqueIdentifier ::= BIT STRING */
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7666e77d39..093695c637 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -171,7 +171,7 @@ int DH_set_ex_data(DH *d, int idx, void *arg)
return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
}
-void *DH_get_ex_data(DH *d, int idx)
+void *DH_get_ex_data(const DH *d, int idx)
{
return CRYPTO_get_ex_data(&d->ex_data, idx);
}
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 154048a3a3..e3205223e9 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -32,7 +32,7 @@ int DSA_set_ex_data(DSA *d, int idx, void *arg)
return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
}
-void *DSA_get_ex_data(DSA *d, int idx)
+void *DSA_get_ex_data(const DSA *d, int idx)
{
return CRYPTO_get_ex_data(&d->ex_data, idx);
}
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index 597498c47c..c664a87cb1 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -310,8 +310,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
if (ctx->pkey == NULL)
return 0;
- new_mac_ctx = EVP_MAC_CTX_dup((EVP_MAC_CTX *)ctx->pkey
- ->pkey.ptr);
+ new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr);
if (new_mac_ctx == NULL)
return 0;
EVP_MAC_CTX_free(hctx->ctx);
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 8bd55038f2..6523dfec22 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -48,7 +48,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
/* Set requestorName from an X509_NAME structure */
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm)
{
GENERAL_NAME *gen;
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index bffcf09ddd..c8b698de39 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -430,7 +430,7 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
* two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method
* forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
*/
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
+X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls)
{
X509_EXTENSION *x = NULL;
ASN1_IA5STRING *ia5 = NULL;
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 797ac289d4..17a7b8eb93 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -22,7 +22,7 @@
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
const X509 *issuer)
{
- X509_NAME *iname;
+ const X509_NAME *iname;
const ASN1_INTEGER *serial;
ASN1_BIT_STRING *ikey;
if (!dgst)
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index a364c8a241..421d2f32bf 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -22,7 +22,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
- X509_NAME *nm, STACK_OF(X509) *certs,
+ const X509_NAME *nm, STACK_OF(X509) *certs,
unsigned long flags);
/* Verify a basic response message */
@@ -279,7 +279,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
/* If only one ID to match then do it */
if (cid) {
const EVP_MD *dgst;
- X509_NAME *iname;
+ const X509_NAME *iname;
int mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
@@ -340,7 +340,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
X509_STORE *store, unsigned long flags)
{
X509 *signer;
- X509_NAME *nm;
+ const X509_NAME *nm;
GENERAL_NAME *gen;
int ret = 0;
X509_STORE_CTX *ctx = X509_STORE_CTX_new();
@@ -414,7 +414,7 @@ end:
}
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
- X509_NAME *nm, STACK_OF(X509) *certs,
+ const X509_NAME *nm, STACK_OF(X509) *certs,
unsigned long flags)
{
X509 *signer;
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index d39967ccc4..eaf666a80b 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -509,7 +509,7 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
}
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
- const ASN1_INTEGER *serial)
+ const ASN1_INTEGER *serial)
{
OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
@@ -589,7 +589,7 @@ X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
}
const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
- *criterion)
+ *criterion)
{
return criterion->serial;
}
diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h
index c53d4514db..7c4d65b961 100644
--- a/crypto/store/store_local.h
+++ b/crypto/store/store_local.h
@@ -73,7 +73,7 @@ struct ossl_store_search_st {
* Used by OSSL_STORE_SEARCH_BY_NAME and
* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
*/
- X509_NAME *name;
+ X509_NAME *name; /* TODO constify this; leads to API incompatibility */
/* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
const ASN1_INTEGER *serial;
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index ab51a24a53..f80214754e 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -578,7 +578,7 @@ int UI_set_ex_data(UI *r, int idx, void *arg)
return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
}
-void *UI_get_ex_data(UI *r, int idx)
+void *UI_get_ex_data(const UI *r, int idx)
{
return CRYPTO_get_ex_data(&r->ex_data, idx);
}
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 69950b7d61..006f2e643a 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -45,7 +45,7 @@ static int new_dir(X509_LOOKUP *lu);
static void free_dir(X509_LOOKUP *lu);
static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret);
+ const X509_NAME *name, X509_OBJECT *ret);
static X509_LOOKUP_METHOD x509_dir_lookup = {
"Load certs from files in a directory",
new_dir, /* new_item */
@@ -209,7 +209,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
}
static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret)
+ const X509_NAME *name, X509_OBJECT *ret)
{
BY_DIR *ctx;
union {
@@ -228,11 +228,11 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
stmp.type = type;
if (type == X509_LU_X509) {
- data.st_x509.cert_info.subject = name;
+ data.st_x509.cert_info.subject = (X509_NAME *)name; /* won't modify it */
stmp.data.x509 = &data.st_x509;
postfix = "";
} else if (type == X509_LU_CRL) {
- data.crl.crl.issuer = name;
+ data.crl.crl.issuer = (X509_NAME *)name; /* won't modify it */
stmp.data.crl = &data.crl;
postfix = "r";
} else {
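Review bot: The `/* won't modify it */` comments on the two `(X509_NAME *)name` casts state a promise the compiler can no longer check, and the code that has to keep it (whatever later reads `stmp` in get_cert_by_subject) lies outside this hunk. The comment should say why the cast is safe, for example `/* lookup key only: the temporary is compared against, never written to or freed */`, so that a later change which frees or re-encodes through `data.st_x509` or `data.crl` is recognised as breaking the caller's const guarantee. The same cast-plus-comment pattern appears in by_store_subject in crypto/x509/by_store.c and in X509_find_by_issuer_and_serial in crypto/x509/x509_cmp.c. The function body continues on both sides of the hunk.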
diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index b2264d7123..ecc9be4a0a 100644
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -151,9 +151,10 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
}
static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret)
+ const X509_NAME *name, X509_OBJECT *ret)
{
- OSSL_STORE_SEARCH *criterion = OSSL_STORE_SEARCH_by_name(name);
+ OSSL_STORE_SEARCH *criterion =
+ OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
int ok = by_store(ctx, type, criterion, ret);
STACK_OF(X509_OBJECT) *store_objects =
X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
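Review bot: `criterion` goes straight into `by_store(ctx, type, criterion, ret)` without a NULL check, although OSSL_STORE_SEARCH_by_name presumably allocates its result and can fail. How by_store treats a NULL criterion is not visible here; if NULL means "no search filter", an allocation failure would turn a lookup by subject into an unfiltered one instead of an error. Moving the by_store() call out of the initialiser and preceding it with `if (criterion == NULL) return 0;` would make the failure explicit. The rest of by_store_subject is outside the hunk.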
diff --git a/crypto/x509/pcy_lib.c b/crypto/x509/pcy_lib.c
index b392f13b1e..fbec0bd4df 100644
--- a/crypto/x509/pcy_lib.c
+++ b/crypto/x509/pcy_lib.c
@@ -69,7 +69,7 @@ int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
return n;
}
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
+X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, int i)
{
if (!level)
return NULL;
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index eac299c09a..6ef979c4ff 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -227,7 +227,7 @@ int X509_ocspid_print(BIO *bp, X509 *x)
int i;
unsigned char SHA1md[SHA_DIGEST_LENGTH];
ASN1_BIT_STRING *keybstr;
- X509_NAME *subj;
+ const X509_NAME *subj;
/*
* display the hash of the subject as it would appear in OCSP requests
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index 4b60752ae8..24f44e4a0a 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -479,7 +479,7 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
return 1;
}
-int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname)
{
int i;
STACK_OF(X509_NAME_ENTRY) *frag;
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index 927aa8f982..fab9836d24 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -31,7 +31,7 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
-static int nc_dn(X509_NAME *sub, X509_NAME *nm);
+static int nc_dn(const X509_NAME *sub, const X509_NAME *nm);
static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
@@ -400,7 +400,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
{
int r, i;
- X509_NAME *nm = X509_get_subject_name(x);
+ const X509_NAME *nm = X509_get_subject_name(x);
ASN1_STRING stmp;
GENERAL_NAME gntmp;
@@ -543,7 +543,7 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
* subset of the name.
*/
-static int nc_dn(X509_NAME *nm, X509_NAME *base)
+static int nc_dn(const X509_NAME *nm, const X509_NAME *base)
{
/* Ensure canonical encodings are up to date. */
if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
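Review bot: nc_dn now takes both names as `const X509_NAME *`, yet its first statement reads `nm->modified` and calls `i2d_X509_NAME(nm, NULL)` in order, per the comment, to bring the canonical encoding up to date. If that call rewrites the cached encoding inside the name, as the comment implies, the object is changed through a const pointer, and callers who share a `const X509_NAME` between threads on the strength of the new signature could race on it. The function should carry a comment such as `/* may refresh the cached encoding of nm and base; not safe on names shared across threads without locking */`, unless the encoding is guaranteed to be refreshed before the name is handed out as const. The body of nc_dn continues past the hunk.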
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index 3c39c8fda7..eae837ea88 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -304,7 +304,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
static int setup_dp(X509 *x, DIST_POINT *dp)
{
- X509_NAME *iname = NULL;
+ const X509_NAME *iname = NULL;
int i;
if (dp->reasons) {
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index 19b552c3a3..d8abb6da24 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -22,7 +22,7 @@
static char *strip_spaces(char *name);
static int sk_strcmp(const char *const *a, const char *const *b);
-static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name,
GENERAL_NAMES *gens);
static void str_free(OPENSSL_STRING str);
static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email);
@@ -463,7 +463,7 @@ STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
return ret;
}
-static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name,
GENERAL_NAMES *gens)
{
STACK_OF(OPENSSL_STRING) *ret = NULL;
@@ -819,7 +819,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
unsigned int flags, int check_type, char **peername)
{
GENERAL_NAMES *gens = NULL;
- X509_NAME *name = NULL;
+ const X509_NAME *name = NULL;
int i;
int cnid = NID_undef;
int alt_type;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 9092c20f39..5b00038659 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -184,7 +184,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
}
-unsigned long X509_NAME_hash(X509_NAME *x)
+unsigned long X509_NAME_hash(const X509_NAME *x)
{
unsigned long ret = 0;
unsigned char md[SHA_DIGEST_LENGTH];
@@ -207,7 +207,7 @@ unsigned long X509_NAME_hash(X509_NAME *x)
* this is reasonably efficient.
*/
-unsigned long X509_NAME_hash_old(X509_NAME *x)
+unsigned long X509_NAME_hash_old(const X509_NAME *x)
{
EVP_MD *md5 = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "-fips");
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
@@ -235,8 +235,8 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
#endif
/* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
- ASN1_INTEGER *serial)
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name,
+ const ASN1_INTEGER *serial)
{
int i;
X509 x, *x509 = NULL;
@@ -245,7 +245,7 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
return NULL;
x.cert_info.serialNumber = *serial;
- x.cert_info.issuer = name;
+ x.cert_info.issuer = (X509_NAME *)name; /* won't modify it */
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
@@ -255,7 +255,7 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
return NULL;
}
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name)
{
X509 *x509;
int i;
diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h
index a8d8bafe4d..1f79a0f563 100644
--- a/crypto/x509/x509_local.h
+++ b/crypto/x509/x509_local.h
@@ -64,7 +64,7 @@ struct x509_crl_method_st {
int (*crl_init) (X509_CRL *crl);
int (*crl_free) (X509_CRL *crl);
int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
- ASN1_INTEGER *ser, X509_NAME *issuer);
+ const ASN1_INTEGER *ser, const X509_NAME *issuer);
int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
};
@@ -77,9 +77,10 @@ struct x509_lookup_method_st {
int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
char **ret);
int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret);
+ const X509_NAME *name, X509_OBJECT *ret);
int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, ASN1_INTEGER *serial,
+ const X509_NAME *name,
+ const ASN1_INTEGER *serial,
X509_OBJECT *ret);
int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
const unsigned char *bytes, int len,
@@ -128,8 +129,11 @@ struct x509_store_st {
int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
/* Check policy status of the chain */
int (*check_policy) (X509_STORE_CTX *ctx);
- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx,
+ const X509_NAME *nm);
+ /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */
+ STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx,
+ const X509_NAME *nm);
int (*cleanup) (X509_STORE_CTX *ctx);
CRYPTO_EX_DATA ex_data;
CRYPTO_REF_COUNT references;
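Review bot: The added comment `/* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */` sits directly above `lookup_crls`, whose `ctx` parameter this hunk does make const. The member it seems to describe is `lookup_certs`, the one above it, which keeps `X509_STORE_CTX *ctx`. A reader will take the comment as describing the wrong function pointer, so it should move above the `lookup_certs` declaration. The struct starts and ends outside this hunk.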
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 9018d6e114..39814104d1 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -83,7 +83,7 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
}
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret)
+ const X509_NAME *name, X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
return 0;
@@ -93,7 +93,8 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
}
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, ASN1_INTEGER *serial,
+ const X509_NAME *name,
+ const ASN1_INTEGER *serial,
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
@@ -273,7 +274,7 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
X509_LOOKUP_TYPE type,
- X509_NAME *name)
+ const X509_NAME *name)
{
X509_OBJECT *ret = X509_OBJECT_new();
@@ -286,8 +287,9 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
return ret;
}
-int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret)
+int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
+ X509_LOOKUP_TYPE type,
+ const X509_NAME *name, X509_OBJECT *ret)