From: Richard J. Moore <rich@kde.org>
Date: Sat, 30 Jul 2016 10:47:18 +0000 (+0100)
Subject: Make some more X509 functions const.
X-Git-Tag: OpenSSL_1_1_0-pre6~52
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=1421aeadd757e0c564314ba62521979d08884ccc

Make some more X509 functions const.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
---

diff --git a/apps/ca.c b/apps/ca.c
index 376c8a553b..3cad05d68d 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -980,14 +980,14 @@ end_of_options:
         if (verbose)
             BIO_printf(bio_err, "writing new certificates\n");
         for (i = 0; i < sk_X509_num(cert_sk); i++) {
-            ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
+            const ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
             int k;
             char *n;
 
             x = sk_X509_value(cert_sk, i);
 
             j = ASN1_STRING_length(serialNumber);
-            p = (const char *)ASN1_STRING_data(serialNumber);
+            p = (const char *)ASN1_STRING_data((ASN1_INTEGER *)serialNumber);
 
             if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
                 BIO_printf(bio_err, "certificate file name too long\n");
@@ -1685,7 +1685,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         goto end;
 #endif
 
-    if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
+    if (BN_to_ASN1_INTEGER(serial, (ASN1_INTEGER *)X509_get_serialNumber(ret)) == NULL)
         goto end;
     if (selfsign) {
         if (!X509_set_issuer_name(ret, subject))
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 5ff2f318b3..e850b4c01c 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -22,7 +22,7 @@
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 {
     X509_NAME *iname;
-    ASN1_INTEGER *serial;
+    const ASN1_INTEGER *serial;
     ASN1_BIT_STRING *ikey;
     if (!dgst)
         dgst = EVP_sha1();
@@ -40,7 +40,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                               X509_NAME *issuerName,
                               ASN1_BIT_STRING *issuerKey,
-                              ASN1_INTEGER *serialNumber)
+                              const ASN1_INTEGER *serialNumber)
 {
     int nid;
     unsigned int i;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 191a8b051f..dffc8e241b 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -80,7 +80,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
     return memcmp(a->sha1_hash, b->sha1_hash, 20);
 }
 
-X509_NAME *X509_get_issuer_name(X509 *a)
+X509_NAME *X509_get_issuer_name(const X509 *a)
 {
     return (a->cert_info.issuer);
 }
@@ -97,12 +97,12 @@ unsigned long X509_issuer_name_hash_old(X509 *x)
 }
 #endif
 
-X509_NAME *X509_get_subject_name(X509 *a)
+X509_NAME *X509_get_subject_name(const X509 *a)
 {
     return (a->cert_info.subject);
 }
 
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+const ASN1_INTEGER *X509_get_serialNumber(const X509 *a)
 {
     return &a->cert_info.serialNumber;
 }
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 6addfbe72e..ecf5f04f20 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -110,17 +110,17 @@ int X509_up_ref(X509 *x)
     return ((i > 1) ? 1 : 0);
 }
 
-long X509_get_version(X509 *x)
+long X509_get_version(const X509 *x)
 {
     return ASN1_INTEGER_get(x->cert_info.version);
 }
 
-ASN1_TIME * X509_get_notBefore(X509 *x)
+ASN1_TIME * X509_get_notBefore(const X509 *x)
 {
     return x->cert_info.validity.notBefore;
 }
 
-ASN1_TIME *X509_get_notAfter(X509 *x)
+ASN1_TIME *X509_get_notAfter(const X509 *x)
 {
     return x->cert_info.validity.notAfter;
 }
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index a468a5233e..ecf3a2d765 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -187,7 +187,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                               X509_NAME *issuerName,
                               ASN1_BIT_STRING *issuerKey,
-                              ASN1_INTEGER *serialNumber);
+                              const ASN1_INTEGER *serialNumber);
 
 OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
 
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 7546895fca..c2623f6df6 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -609,17 +609,17 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
                        X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                        void *asn, EVP_MD_CTX *ctx);
 
-long X509_get_version(X509 *x);
+long X509_get_version(const X509 *x);
 int X509_set_version(X509 *x, long version);
 int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get_serialNumber(const X509 *x);
 int X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME *X509_get_issuer_name(X509 *a);
+X509_NAME *X509_get_issuer_name(const X509 *a);
 int X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME *X509_get_subject_name(X509 *a);
-ASN1_TIME * X509_get_notBefore(X509 *x);
+X509_NAME *X509_get_subject_name(const X509 *a);
+ASN1_TIME * X509_get_notBefore(const X509 *x);
 int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-ASN1_TIME *X509_get_notAfter(X509 *x);
+ASN1_TIME *X509_get_notAfter(const X509 *x);
 int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 int X509_up_ref(X509 *x);