diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-03-23 08:30:37 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-03-23 08:30:37 +0100 |
| commit | 8cc86b81ac20ff3e933ea7fd107a5a6066032330 (patch) | |
| tree | 5ce8dc7269dd084b99a2ee8ca4b347c68bb51ed8 /include | |
| parent | 7e06a6758bef584deabc9cb4b0d21b3e664b25c9 (diff) | |
Constify various mostly X509-related parameter types in crypto/ and apps/
in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *,
also some result types of new functions, which does not break compatibility
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10504)
Diffstat (limited to 'include')
| -rw-r--r-- | include/crypto/x509.h | 7 | ||||
| -rw-r--r-- | include/openssl/bio.h | 2 | ||||
| -rw-r--r-- | include/openssl/crmf.h | 5 | ||||
| -rw-r--r-- | include/openssl/dh.h | 2 | ||||
| -rw-r--r-- | include/openssl/dsa.h | 2 | ||||
| -rw-r--r-- | include/openssl/ocsp.h | 8 | ||||
| -rw-r--r-- | include/openssl/ui.h | 2 | ||||
| -rw-r--r-- | include/openssl/x509.h | 45 | ||||
| -rw-r--r-- | include/openssl/x509_vfy.h | 158 | ||||
| -rw-r--r-- | include/openssl/x509v3.h | 2 |
10 files changed, 122 insertions, 111 deletions
diff --git a/include/crypto/x509.h b/include/crypto/x509.h index edd85b6db0..d68150ff98 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -227,8 +227,11 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check policy status of the chain */ int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, + const X509_NAME *nm); + /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */ + STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx, + const X509_NAME *nm); int (*cleanup) (X509_STORE_CTX *ctx); /* The following is built up */ /* if 0, rebuild chain */ diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 8583362648..baf61f250e 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -566,7 +566,7 @@ int BIO_ctrl_reset_read_request(BIO *b); #define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) int BIO_set_ex_data(BIO *bio, int idx, void *data); -void *BIO_get_ex_data(BIO *bio, int idx); +void *BIO_get_ex_data(const BIO *bio, int idx); uint64_t BIO_number_read(BIO *bio); uint64_t BIO_number_written(BIO *bio); diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h index b578906a67..ac310c8f5d 100644 --- a/include/openssl/crmf.h +++ b/include/openssl/crmf.h @@ -122,9 +122,10 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); -X509_NAME +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); -X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +const X509_NAME +*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, EVP_PKEY *pubkey, diff --git a/include/openssl/dh.h b/include/openssl/dh.h index b26e94e8e9..8af0670ecf 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -155,7 +155,7 @@ DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh)) CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) # endif DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg)) -DEPRECATEDIN_3_0(void *DH_get_ex_data(DH *d, int idx)) +DEPRECATEDIN_3_0(void *DH_get_ex_data(const DH *d, int idx)) /* Deprecated version */ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index ac4d221b2d..c704d5d5c9 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -130,7 +130,7 @@ DEPRECATEDIN_3_0(int DSA_verify(int type, const unsigned char *dgst, CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) # endif DEPRECATEDIN_3_0(int DSA_set_ex_data(DSA *d, int idx, void *arg)) -DEPRECATEDIN_3_0(void *DSA_get_ex_data(DSA *d, int idx)) +DEPRECATEDIN_3_0(void *DSA_get_ex_data(const DSA *d, int idx)) DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPrivateKey) diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index 4b0f635cf7..5acd04b6ea 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -177,8 +177,8 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) # define OCSP_CERTSTATUS_dup(cs)\ - (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ - (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + (OCSP_CERTSTATUS*)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS,\ + (d2i_of_void *)d2i_OCSP_CERTSTATUS,(char *)(cs)) DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID) @@ -205,7 +205,7 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); -int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm); int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); int OCSP_request_sign(OCSP_REQUEST *req, @@ -286,7 +286,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids); X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); -X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); +X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls); int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 56fb6f580f..b170f4d41c 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -214,7 +214,7 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); # define UI_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) int UI_set_ex_data(UI *r, int idx, void *arg); -void *UI_get_ex_data(UI *r, int idx); +void *UI_get_ex_data(const UI *r, int idx); /* Use specific methods instead of the built-in one */ void UI_set_default_method(const UI_METHOD *meth); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 82feb75efb..8952e392a8 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -342,7 +342,9 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), int (*crl_free) (X509_CRL *crl), int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, + const + ASN1_INTEGER *serial, + const X509_NAME *issuer), int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk)); @@ -564,7 +566,7 @@ DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) #define X509_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) int X509_set_ex_data(X509 *r, int idx, void *arg); -void *X509_get_ex_data(X509 *r, int idx); +void *X509_get_ex_data(const X509 *r, int idx); DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX) int i2d_re_X509_tbs(X509 *x, unsigned char **pp); @@ -608,7 +610,7 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL) int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, ASN1_INTEGER *serial); + X509_REVOKED **ret, const ASN1_INTEGER *serial); int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY *X509_PKEY_new(void); @@ -655,10 +657,10 @@ int X509_set_version(X509 *x, long version); int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); ASN1_INTEGER *X509_get_serialNumber(X509 *x); const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); -int X509_set_issuer_name(X509 *x, X509_NAME *name); -X509_NAME *X509_get_issuer_name(const X509 *a); -int X509_set_subject_name(X509 *x, X509_NAME *name); -X509_NAME *X509_get_subject_name(const X509 *a); +int X509_set_issuer_name(X509 *x, const X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); /* TODO change to get0_ */ +int X509_set_subject_name(X509 *x, const X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); /* TODO change to get0_ */ const ASN1_TIME * X509_get0_notBefore(const X509 *x); ASN1_TIME *X509_getm_notBefore(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); @@ -694,8 +696,8 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); long X509_REQ_get_version(const X509_REQ *req); int X509_REQ_set_version(X509_REQ *x, long version); -X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); -int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); /* TODO change to get0_ */ +int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); int X509_REQ_get_signature_nid(const X509_REQ *req); @@ -729,7 +731,7 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, const unsigned char *bytes, int len); int X509_CRL_set_version(X509_CRL *x, long version); -int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name); int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); @@ -745,7 +747,7 @@ const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) -X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); /* TODO change to get0_ */ const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, @@ -788,8 +790,8 @@ unsigned long X509_subject_name_hash_old(X509 *x); int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); -unsigned long X509_NAME_hash(X509_NAME *x); -unsigned long X509_NAME_hash_old(X509_NAME *x); +unsigned long X509_NAME_hash(const X509_NAME *x); +unsigned long X509_NAME_hash_old(const X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); @@ -818,16 +820,17 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, int X509_REQ_print(BIO *bp, X509_REQ *req); int X509_NAME_entry_count(const X509_NAME *name); -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, + char *buf, int len); +int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); /* * NOTE: you should be passing -1, not 0 as lastpos. The functions that use * lastpos, search after that position on. */ -int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); @@ -861,7 +864,7 @@ ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); -int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, size_t *pderlen); int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); @@ -991,9 +994,9 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, int X509_verify_cert(X509_STORE_CTX *ctx); /* lookup a cert from a X509 STACK */ -X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, - ASN1_INTEGER *serial); -X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, + const ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); DECLARE_ASN1_FUNCTIONS(PBEPARAM) DECLARE_ASN1_FUNCTIONS(PBE2PARAM) diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 75529b234e..99c3ab2048 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -80,10 +80,12 @@ typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); -typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, - X509_NAME *nm); -typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, - X509_NAME *nm); +typedef STACK_OF(X509) + *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, + const X509_NAME *nm); +typedef STACK_OF(X509_CRL) + *(*X509_STORE_CTX_lookup_crls_fn)(const X509_STORE_CTX *ctx, + const X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); @@ -269,10 +271,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); | X509_V_FLAG_INHIBIT_MAP) int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - X509_NAME *name); + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - X509_NAME *name); + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); int X509_OBJECT_up_ref_count(X509_OBJECT *a); @@ -281,72 +283,74 @@ void X509_OBJECT_free(X509_OBJECT *a); X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); -X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a); int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_lock(X509_STORE *ctx); int X509_STORE_unlock(X509_STORE *ctx); int X509_STORE_up_ref(X509_STORE *v); - -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v); STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); -STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, + const X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, + const X509_NAME *nm); int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); -int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); -X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx); void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ X509_STORE_set_verify((ctx),(func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); -X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); void X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); # define X509_STORE_set_verify_cb_func(ctx,func) \ X509_STORE_set_verify_cb((ctx),(func)) -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); void X509_STORE_set_get_issuer(X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); void X509_STORE_set_check_issued(X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued); -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); void X509_STORE_set_check_revocation(X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation); -X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +X509_STORE_CTX_check_revocation_fn + X509_STORE_get_check_revocation(const X509_STORE *ctx); void X509_STORE_set_get_crl(X509_STORE *ctx, X509_STORE_CTX_get_crl_fn get_crl); -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); void X509_STORE_set_check_crl(X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl); -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); void X509_STORE_set_cert_crl(X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl); -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); void X509_STORE_set_check_policy(X509_STORE *ctx, X509_STORE_CTX_check_policy_fn check_policy); -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); void X509_STORE_set_lookup_certs(X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs); -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); void X509_STORE_set_lookup_crls(X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); void X509_STORE_set_cleanup(X509_STORE *ctx, X509_STORE_CTX_cleanup_fn cleanup); -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); -void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); +void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -358,24 +362,24 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); -X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); -X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); -STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_cb verify); -X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); -X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); -X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); -X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); -X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); -X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); -X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(const X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(const X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(const X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(const X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain @@ -399,12 +403,12 @@ typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, + const X509_NAME *name, X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, - ASN1_INTEGER *serial, + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, @@ -468,11 +472,12 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); -int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); +int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret); X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, - X509_NAME *name); + const X509_NAME *name); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); @@ -485,9 +490,10 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); int X509_LOOKUP_init(X509_LOOKUP *ctx); int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret); int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const unsigned char *bytes, int len, @@ -502,25 +508,26 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_file(X509_STORE *ctx, const char *file); int X509_STORE_load_path(X509_STORE *ctx, const char *path); int X509_STORE_load_store(X509_STORE *ctx, const char *store); -DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *dir)) +DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, + const char *dir)) int X509_STORE_set_default_paths(X509_STORE *ctx); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); -void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void *X509_STORE_CTX_get_ex_data(const X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); -X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); -X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); -X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); -STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); -STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); @@ -532,11 +539,11 @@ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); -X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); -int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); -int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx); -X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); @@ -583,7 +590,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); -char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); @@ -625,26 +632,23 @@ int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const - X509_POLICY_TREE - *tree); +STACK_OF(X509_POLICY_NODE) + *X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const - X509_POLICY_TREE - *tree); +STACK_OF(X509_POLICY_NODE) + *X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); int X509_policy_level_node_count(X509_POLICY_LEVEL *level); -X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, +X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, int i); const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); -STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const - X509_POLICY_NODE - *node); -const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE - *node); +STACK_OF(POLICYQUALINFO) + *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE + *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); #ifdef __cplusplus } diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index a4004867fc..4a96aad69f 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -530,7 +530,7 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT) DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) -int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname); int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); |