From 8cc86b81ac20ff3e933ea7fd107a5a6066032330 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 23 Mar 2020 08:30:37 +0100 Subject: [PATCH] Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/10504) --- apps/ca.c | 3 +- apps/include/apps.h | 2 +- apps/lib/apps.c | 5 +- apps/ocsp.c | 2 +- apps/rehash.c | 2 +- apps/req.c | 6 +- crypto/bio/bio_lib.c | 2 +- crypto/cmp/cmp_hdr.c | 4 +- crypto/cmp/cmp_local.h | 4 +- crypto/cmp/cmp_msg.c | 6 +- crypto/cmp/cmp_server.c | 2 +- crypto/crmf/crmf_lib.c | 10 +- crypto/crmf/crmf_local.h | 4 +- crypto/dh/dh_lib.c | 2 +- crypto/dsa/dsa_lib.c | 2 +- crypto/evp/pkey_mac.c | 3 +- crypto/ocsp/ocsp_cl.c | 2 +- crypto/ocsp/ocsp_ext.c | 2 +- crypto/ocsp/ocsp_lib.c | 2 +- crypto/ocsp/ocsp_vfy.c | 8 +- crypto/store/store_lib.c | 4 +- crypto/store/store_local.h | 2 +- crypto/ui/ui_lib.c | 2 +- crypto/x509/by_dir.c | 8 +- crypto/x509/by_store.c | 5 +- crypto/x509/pcy_lib.c | 2 +- crypto/x509/t_x509.c | 2 +- crypto/x509/v3_crld.c | 2 +- crypto/x509/v3_ncons.c | 6 +- crypto/x509/v3_purp.c | 2 +- crypto/x509/v3_utl.c | 6 +- crypto/x509/x509_cmp.c | 12 +- crypto/x509/x509_local.h | 14 +- crypto/x509/x509_lu.c | 67 +++++---- crypto/x509/x509_r2x.c | 2 +- crypto/x509/x509_set.c | 4 +- crypto/x509/x509_vfy.c | 68 +++++---- crypto/x509/x509_vpm.c | 2 +- crypto/x509/x509cset.c | 2 +- crypto/x509/x509name.c | 16 +-- crypto/x509/x509rset.c | 2 +- crypto/x509/x_crl.c | 16 +-- crypto/x509/x_name.c | 2 +- crypto/x509/x_x509.c | 2 +- doc/man3/BIO_get_ex_new_index.pod | 2 +- doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod | 5 +- doc/man3/X509_CRL_get0_by_serial.pod | 2 +- doc/man3/X509_LOOKUP.pod | 6 +- doc/man3/X509_LOOKUP_meth_new.pod | 6 +- doc/man3/X509_NAME_get0_der.pod | 2 +- doc/man3/X509_NAME_get_index_by_NID.pod | 11 +- doc/man3/X509_STORE_CTX_get_error.pod | 10 +- doc/man3/X509_STORE_CTX_new.pod | 8 +- doc/man3/X509_STORE_get0_param.pod | 6 +- doc/man3/X509_STORE_set_verify_cb_func.pod | 38 +++-- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 +- doc/man3/X509_get_subject_name.pod | 8 +- include/crypto/x509.h | 7 +- include/openssl/bio.h | 2 +- include/openssl/crmf.h | 5 +- include/openssl/dh.h | 2 +- include/openssl/dsa.h | 2 +- include/openssl/ocsp.h | 8 +- include/openssl/ui.h | 2 +- include/openssl/x509.h | 45 +++--- include/openssl/x509_vfy.h | 158 +++++++++++---------- include/openssl/x509v3.h | 2 +- ssl/t1_lib.c | 2 +- test/cmp_ctx_test.c | 2 +- test/cmp_vfy_test.c | 2 +- test/ocspapitest.c | 2 +- 71 files changed, 353 insertions(+), 317 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 192e602028..a2cd4d98ef 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1430,7 +1430,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { - X509_NAME *name = NULL, *CAname = NULL, *subject = NULL; + const X509_NAME *name = NULL; + X509_NAME *CAname = NULL, *subject = NULL; const ASN1_TIME *tm; ASN1_STRING *str, *str2; ASN1_OBJECT *obj; diff --git a/apps/include/apps.h b/apps/include/apps.h index de068d9670..2d22192925 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -91,7 +91,7 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); int chopup_args(ARGS *arg, char *buf); int dump_cert_text(BIO *out, X509 *x); -void print_name(BIO *out, const char *title, X509_NAME *nm, +void print_name(BIO *out, const char *title, const X509_NAME *nm, unsigned long lflags); void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index d407c19895..7c2a5ea5e7 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -968,7 +968,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, return 0; } -void print_name(BIO *out, const char *title, X509_NAME *nm, +void print_name(BIO *out, const char *title, const X509_NAME *nm, unsigned long lflags) { char *buf; @@ -1900,7 +1900,8 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp) * anything. */ -static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm) +static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx, + const X509_NAME *nm) { X509 *x; STACK_OF(X509_CRL) *crls = NULL; diff --git a/apps/ocsp.c b/apps/ocsp.c index 3c6b8cbd88..411f605814 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1081,7 +1081,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, STACK_OF(OCSP_CERTID) *ids) { OCSP_CERTID *id; - X509_NAME *iname; + const X509_NAME *iname; ASN1_BIT_STRING *ikey; ASN1_INTEGER *sno; diff --git a/apps/rehash.c b/apps/rehash.c index e67b27fd15..e21b1b84ae 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -233,7 +233,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) { STACK_OF (X509_INFO) *inf = NULL; X509_INFO *x; - X509_NAME *name = NULL; + const X509_NAME *name = NULL; BIO *b; const char *ext; unsigned char digest[EVP_MAX_MD_SIZE]; diff --git a/apps/req.c b/apps/req.c index a8db866523..4d65fc2831 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1107,8 +1107,7 @@ static int prompt_info(X509_REQ *req, char *type, *value; const char *def; CONF_VALUE *v; - X509_NAME *subj; - subj = X509_REQ_get_subject_name(req); + X509_NAME *subj = X509_REQ_get_subject_name(req); if (!batch) { BIO_printf(bio_err, @@ -1193,8 +1192,7 @@ static int prompt_info(X509_REQ *req, return 0; } if (X509_NAME_entry_count(subj) == 0) { - BIO_printf(bio_err, - "error, no objects specified in config file\n"); + BIO_printf(bio_err, "error, no objects specified in config file\n"); return 0; } diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index ca1c9fc6de..35bd163acb 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -750,7 +750,7 @@ int BIO_set_ex_data(BIO *bio, int idx, void *data) return CRYPTO_set_ex_data(&(bio->ex_data), idx, data); } -void *BIO_get_ex_data(BIO *bio, int idx) +void *BIO_get_ex_data(const BIO *bio, int idx) { return CRYPTO_get_ex_data(&(bio->ex_data), idx); } diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index 9d6d6ceb2c..4c213aa891 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -266,8 +266,8 @@ int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr) /* fill in all fields of the hdr according to the info given in ctx */ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) { - X509_NAME *sender; - X509_NAME *rcp = NULL; + const X509_NAME *sender; + const X509_NAME *rcp = NULL; if (!ossl_assert(ctx != NULL && hdr != NULL)) return 0; diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 353c7ce995..688ccabd7c 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -56,7 +56,7 @@ struct ossl_cmp_ctx_st { int unprotectedErrors; X509 *srvCert; /* certificate used to identify the server */ X509 *validatedSrvCert; /* caches any already validated server cert */ - X509_NAME *expected_sender; /* expected sender in pkiheader of response */ + X509_NAME *expected_sender; /* expected sender in header of response */ X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */ STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */ int ignore_keyusage; /* ignore key usage entry when validating certs */ @@ -95,7 +95,7 @@ struct ossl_cmp_ctx_st { int newPkey_priv; /* flag indicating if newPkey contains private key */ X509_NAME *issuer; /* issuer name to used in cert template */ int days; /* Number of days new certificates are asked to be valid for */ - X509_NAME *subjectName; /* subject name to be used in the cert template */ + X509_NAME *subjectName; /* subject name to be used in cert template */ STACK_OF(GENERAL_NAME) *subjectAltNames; /* to add to the cert template */ int SubjectAltName_nodefault; int setSubjectAltNameCritical; diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 7a1acc2c0b..e4a4f1f3b3 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -185,8 +185,8 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) -static X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, - int bodytype) +static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, + int bodytype) { if (ctx->subjectName != NULL) return ctx->subjectName; @@ -212,7 +212,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) /* refcert defaults to current client cert */ EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); STACK_OF(GENERAL_NAME) *default_sans = NULL; - X509_NAME *subject = determine_subj(ctx, refcert, bodytype); + const X509_NAME *subject = determine_subj(ctx, refcert, bodytype); int crit = ctx->setSubjectAltNameCritical || subject == NULL; /* RFC5280: subjectAltName MUST be critical if subject is null */ X509_EXTENSIONS *exts = NULL; diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index a91f67b264..ce532b3110 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -249,7 +249,7 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, OSSL_CMP_REVDETAILS *details; OSSL_CRMF_CERTID *certId; OSSL_CRMF_CERTTEMPLATE *tmpl; - X509_NAME *issuer; + const X509_NAME *issuer; ASN1_INTEGER *serial; OSSL_CMP_PKISI *si; diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index dd69372f3e..5058f7d2cf 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -567,14 +567,14 @@ ASN1_INTEGER } /* retrieves the issuer name of the given cert template or NULL on error */ -X509_NAME -*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) +const X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->issuer : NULL; } /* retrieves the issuer name of the given CertId or NULL on error */ -X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) +const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) { return cid != NULL && cid->issuer->type == GEN_DIRNAME ? cid->issuer->d.directoryName : NULL; @@ -600,9 +600,9 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, CRMFerr(CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL, CRMF_R_NULL_ARGUMENT); return 0; } - if (subject != NULL && !X509_NAME_set(&tmpl->subject, subject)) + if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject)) return 0; - if (issuer != NULL && !X509_NAME_set(&tmpl->issuer, issuer)) + if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer)) return 0; if (serial != NULL) { ASN1_INTEGER_free(tmpl->serialNumber); diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h index 3f3f75cf2f..3b9cbba8dd 100644 --- a/crypto/crmf/crmf_local.h +++ b/crypto/crmf/crmf_local.h @@ -315,9 +315,9 @@ struct ossl_crmf_certtemplate_st { /* This field is assigned by the CA during certificate creation */ X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */ /* This field is assigned by the CA during certificate creation */ - X509_NAME *issuer; + const X509_NAME *issuer; OSSL_CRMF_OPTIONALVALIDITY *validity; - X509_NAME *subject; + const X509_NAME *subject; X509_PUBKEY *publicKey; ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */ /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */ diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7666e77d39..093695c637 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -171,7 +171,7 @@ int DH_set_ex_data(DH *d, int idx, void *arg) return CRYPTO_set_ex_data(&d->ex_data, idx, arg); } -void *DH_get_ex_data(DH *d, int idx) +void *DH_get_ex_data(const DH *d, int idx) { return CRYPTO_get_ex_data(&d->ex_data, idx); } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 154048a3a3..e3205223e9 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -32,7 +32,7 @@ int DSA_set_ex_data(DSA *d, int idx, void *arg) return CRYPTO_set_ex_data(&d->ex_data, idx, arg); } -void *DSA_get_ex_data(DSA *d, int idx) +void *DSA_get_ex_data(const DSA *d, int idx) { return CRYPTO_get_ex_data(&d->ex_data, idx); } diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 597498c47c..c664a87cb1 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -310,8 +310,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (ctx->pkey == NULL) return 0; - new_mac_ctx = EVP_MAC_CTX_dup((EVP_MAC_CTX *)ctx->pkey - ->pkey.ptr); + new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr); if (new_mac_ctx == NULL) return 0; EVP_MAC_CTX_free(hctx->ctx); diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 8bd55038f2..6523dfec22 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -48,7 +48,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) /* Set requestorName from an X509_NAME structure */ -int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) +int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm) { GENERAL_NAME *gen; diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index bffcf09ddd..c8b698de39 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -430,7 +430,7 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. */ -X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls) +X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls) { X509_EXTENSION *x = NULL; ASN1_IA5STRING *ia5 = NULL; diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 797ac289d4..17a7b8eb93 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -22,7 +22,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer) { - X509_NAME *iname; + const X509_NAME *iname; const ASN1_INTEGER *serial; ASN1_BIT_STRING *ikey; if (!dgst) diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index a364c8a241..421d2f32bf 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -22,7 +22,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); static int ocsp_check_delegated(X509 *x); static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, + const X509_NAME *nm, STACK_OF(X509) *certs, unsigned long flags); /* Verify a basic response message */ @@ -279,7 +279,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, /* If only one ID to match then do it */ if (cid) { const EVP_MD *dgst; - X509_NAME *iname; + const X509_NAME *iname; int mdlen; unsigned char md[EVP_MAX_MD_SIZE]; if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm)) @@ -340,7 +340,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags) { X509 *signer; - X509_NAME *nm; + const X509_NAME *nm; GENERAL_NAME *gen; int ret = 0; X509_STORE_CTX *ctx = X509_STORE_CTX_new(); @@ -414,7 +414,7 @@ end: } static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, + const X509_NAME *nm, STACK_OF(X509) *certs, unsigned long flags) { X509 *signer; diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index d39967ccc4..eaf666a80b 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -509,7 +509,7 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name) } OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, - const ASN1_INTEGER *serial) + const ASN1_INTEGER *serial) { OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); @@ -589,7 +589,7 @@ X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion) } const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH - *criterion) + *criterion) { return criterion->serial; } diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h index c53d4514db..7c4d65b961 100644 --- a/crypto/store/store_local.h +++ b/crypto/store/store_local.h @@ -73,7 +73,7 @@ struct ossl_store_search_st { * Used by OSSL_STORE_SEARCH_BY_NAME and * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ - X509_NAME *name; + X509_NAME *name; /* TODO constify this; leads to API incompatibility */ /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ const ASN1_INTEGER *serial; diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index ab51a24a53..f80214754e 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -578,7 +578,7 @@ int UI_set_ex_data(UI *r, int idx, void *arg) return CRYPTO_set_ex_data(&r->ex_data, idx, arg); } -void *UI_get_ex_data(UI *r, int idx) +void *UI_get_ex_data(const UI *r, int idx) { return CRYPTO_get_ex_data(&r->ex_data, idx); } diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 69950b7d61..006f2e643a 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -45,7 +45,7 @@ static int new_dir(X509_LOOKUP *lu); static void free_dir(X509_LOOKUP *lu); static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); static X509_LOOKUP_METHOD x509_dir_lookup = { "Load certs from files in a directory", new_dir, /* new_item */ @@ -209,7 +209,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) } static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret) + const X509_NAME *name, X509_OBJECT *ret) { BY_DIR *ctx; union { @@ -228,11 +228,11 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, stmp.type = type; if (type == X509_LU_X509) { - data.st_x509.cert_info.subject = name; + data.st_x509.cert_info.subject = (X509_NAME *)name; /* won't modify it */ stmp.data.x509 = &data.st_x509; postfix = ""; } else if (type == X509_LU_CRL) { - data.crl.crl.issuer = name; + data.crl.crl.issuer = (X509_NAME *)name; /* won't modify it */ stmp.data.crl = &data.crl; postfix = "r"; } else { diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c index b2264d7123..ecc9be4a0a 100644 --- a/crypto/x509/by_store.c +++ b/crypto/x509/by_store.c @@ -151,9 +151,10 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, } static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret) + const X509_NAME *name, X509_OBJECT *ret) { - OSSL_STORE_SEARCH *criterion = OSSL_STORE_SEARCH_by_name(name); + OSSL_STORE_SEARCH *criterion = + OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */ int ok = by_store(ctx, type, criterion, ret); STACK_OF(X509_OBJECT) *store_objects = X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx)); diff --git a/crypto/x509/pcy_lib.c b/crypto/x509/pcy_lib.c index b392f13b1e..fbec0bd4df 100644 --- a/crypto/x509/pcy_lib.c +++ b/crypto/x509/pcy_lib.c @@ -69,7 +69,7 @@ int X509_policy_level_node_count(X509_POLICY_LEVEL *level) return n; } -X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i) +X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, int i) { if (!level) return NULL; diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index eac299c09a..6ef979c4ff 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -227,7 +227,7 @@ int X509_ocspid_print(BIO *bp, X509 *x) int i; unsigned char SHA1md[SHA_DIGEST_LENGTH]; ASN1_BIT_STRING *keybstr; - X509_NAME *subj; + const X509_NAME *subj; /* * display the hash of the subject as it would appear in OCSP requests diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c index 4b60752ae8..24f44e4a0a 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.c @@ -479,7 +479,7 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, return 1; } -int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname) { int i; STACK_OF(X509_NAME_ENTRY) *frag; diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index 927aa8f982..fab9836d24 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c @@ -31,7 +31,7 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); -static int nc_dn(X509_NAME *sub, X509_NAME *nm); +static int nc_dn(const X509_NAME *sub, const X509_NAME *nm); static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); @@ -400,7 +400,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) { int r, i; - X509_NAME *nm = X509_get_subject_name(x); + const X509_NAME *nm = X509_get_subject_name(x); ASN1_STRING stmp; GENERAL_NAME gntmp; @@ -543,7 +543,7 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) * subset of the name. */ -static int nc_dn(X509_NAME *nm, X509_NAME *base) +static int nc_dn(const X509_NAME *nm, const X509_NAME *base) { /* Ensure canonical encodings are up to date. */ if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 3c39c8fda7..eae837ea88 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -304,7 +304,7 @@ int X509_supported_extension(X509_EXTENSION *ex) static int setup_dp(X509 *x, DIST_POINT *dp) { - X509_NAME *iname = NULL; + const X509_NAME *iname = NULL; int i; if (dp->reasons) { diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 19b552c3a3..d8abb6da24 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -22,7 +22,7 @@ static char *strip_spaces(char *name); static int sk_strcmp(const char *const *a, const char *const *b); -static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, +static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name, GENERAL_NAMES *gens); static void str_free(OPENSSL_STRING str); static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email); @@ -463,7 +463,7 @@ STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x) return ret; } -static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, +static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name, GENERAL_NAMES *gens) { STACK_OF(OPENSSL_STRING) *ret = NULL; @@ -819,7 +819,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, unsigned int flags, int check_type, char **peername) { GENERAL_NAMES *gens = NULL; - X509_NAME *name = NULL; + const X509_NAME *name = NULL; int i; int cnid = NID_undef; int alt_type; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 9092c20f39..5b00038659 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -184,7 +184,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) } -unsigned long X509_NAME_hash(X509_NAME *x) +unsigned long X509_NAME_hash(const X509_NAME *x) { unsigned long ret = 0; unsigned char md[SHA_DIGEST_LENGTH]; @@ -207,7 +207,7 @@ unsigned long X509_NAME_hash(X509_NAME *x) * this is reasonably efficient. */ -unsigned long X509_NAME_hash_old(X509_NAME *x) +unsigned long X509_NAME_hash_old(const X509_NAME *x) { EVP_MD *md5 = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "-fips"); EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); @@ -235,8 +235,8 @@ unsigned long X509_NAME_hash_old(X509_NAME *x) #endif /* Search a stack of X509 for a match */ -X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, - ASN1_INTEGER *serial) +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, + const ASN1_INTEGER *serial) { int i; X509 x, *x509 = NULL; @@ -245,7 +245,7 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, return NULL; x.cert_info.serialNumber = *serial; - x.cert_info.issuer = name; + x.cert_info.issuer = (X509_NAME *)name; /* won't modify it */ for (i = 0; i < sk_X509_num(sk); i++) { x509 = sk_X509_value(sk, i); @@ -255,7 +255,7 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, return NULL; } -X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) +X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name) { X509 *x509; int i; diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h index a8d8bafe4d..1f79a0f563 100644 --- a/crypto/x509/x509_local.h +++ b/crypto/x509/x509_local.h @@ -64,7 +64,7 @@ struct x509_crl_method_st { int (*crl_init) (X509_CRL *crl); int (*crl_free) (X509_CRL *crl); int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, X509_NAME *issuer); + const ASN1_INTEGER *ser, const X509_NAME *issuer); int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); }; @@ -77,9 +77,10 @@ struct x509_lookup_method_st { int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret); int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const unsigned char *bytes, int len, @@ -128,8 +129,11 @@ struct x509_store_st { int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check policy status of the chain */ int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, + const X509_NAME *nm); + /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */ + STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx, + const X509_NAME *nm); int (*cleanup) (X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; CRYPTO_REF_COUNT references; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 9018d6e114..39814104d1 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -83,7 +83,7 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, } int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret) + const X509_NAME *name, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) return 0; @@ -93,7 +93,8 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, } int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) @@ -273,7 +274,7 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, - X509_NAME *name) + const X509_NAME *name) { X509_OBJECT *ret = X509_OBJECT_new(); @@ -286,8 +287,9 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, return ret; } -int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret) +int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret) { X509_STORE *store = vs->store; X509_LOOKUP *lu; @@ -403,7 +405,7 @@ X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) return a->data.x509; } -X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a) +X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a) { if (a == NULL || a->type != X509_LU_CRL) return NULL; @@ -472,7 +474,7 @@ void X509_OBJECT_free(X509_OBJECT *a) } static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - X509_NAME *name, int *pnmatch) + const X509_NAME *name, int *pnmatch) { X509_OBJECT stmp; X509 x509_s; @@ -483,11 +485,11 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, switch (type) { case X509_LU_X509: stmp.data.x509 = &x509_s; - x509_s.cert_info.subject = name; + x509_s.cert_info.subject = (X509_NAME *)name; /* won't modify it */ break; case X509_LU_CRL: stmp.data.crl = &crl_s; - crl_s.crl.issuer = name; + crl_s.crl.issuer = (X509_NAME *)name; /* won't modify it */ break; case X509_LU_NONE: /* abort(); */ @@ -511,14 +513,14 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, } int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - X509_NAME *name) + const X509_NAME *name) { return x509_object_idx_cnt(h, type, name, NULL); } X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - X509_NAME *name) + const X509_NAME *name) { int idx; idx = X509_OBJECT_idx_by_subject(h, type, name); @@ -527,11 +529,12 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, return sk_X509_OBJECT_value(h, idx); } -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v) +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v) { return v->objs; } +/* TODO param type could be constified as change to lock is intermittent */ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store) { STACK_OF(X509) *sk; @@ -567,7 +570,8 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store) return NULL; } -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, + const X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509) *sk = NULL; @@ -624,7 +628,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) return sk; } -STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *ctx, + const X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); @@ -711,7 +716,7 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, */ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { - X509_NAME *xn; + const X509_NAME *xn; X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; X509_STORE *store = ctx->store; int i, ok, idx, ret; @@ -800,12 +805,12 @@ int X509_STORE_set_trust(X509_STORE *ctx, int trust) return X509_VERIFY_PARAM_set_trust(ctx->param, trust); } -int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) +int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *param) { return X509_VERIFY_PARAM_set1(ctx->param, param); } -X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx) +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx) { return ctx->param; } @@ -815,7 +820,7 @@ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify) ctx->verify = verify; } -X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx) +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx) { return ctx->verify; } @@ -826,7 +831,7 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx, ctx->verify_cb = verify_cb; } -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx) +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx) { return ctx->verify_cb; } @@ -837,7 +842,7 @@ void X509_STORE_set_get_issuer(X509_STORE *ctx, ctx->get_issuer = get_issuer; } -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx) +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx) { return ctx->get_issuer; } @@ -848,7 +853,7 @@ void X509_STORE_set_check_issued(X509_STORE *ctx, ctx->check_issued = check_issued; } -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx) +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx) { return ctx->check_issued; } @@ -859,7 +864,7 @@ void X509_STORE_set_check_revocation(X509_STORE *ctx, ctx->check_revocation = check_revocation; } -X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx) +X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(const X509_STORE *ctx) { return ctx->check_revocation; } @@ -870,7 +875,7 @@ void X509_STORE_set_get_crl(X509_STORE *ctx, ctx->get_crl = get_crl; } -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx) +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx) { return ctx->get_crl; } @@ -881,7 +886,7 @@ void X509_STORE_set_check_crl(X509_STORE *ctx, ctx->check_crl = check_crl; } -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx) +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx) { return ctx->check_crl; } @@ -892,7 +897,7 @@ void X509_STORE_set_cert_crl(X509_STORE *ctx, ctx->cert_crl = cert_crl; } -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx) +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx) { return ctx->cert_crl; } @@ -903,7 +908,7 @@ void X509_STORE_set_check_policy(X509_STORE *ctx, ctx->check_policy = check_policy; } -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx) +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx) { return ctx->check_policy; } @@ -914,7 +919,7 @@ void X509_STORE_set_lookup_certs(X509_STORE *ctx, ctx->lookup_certs = lookup_certs; } -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx) +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx) { return ctx->lookup_certs; } @@ -925,7 +930,7 @@ void X509_STORE_set_lookup_crls(X509_STORE *ctx, ctx->lookup_crls = lookup_crls; } -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx) +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx) { return ctx->lookup_crls; } @@ -936,7 +941,7 @@ void X509_STORE_set_cleanup(X509_STORE *ctx, ctx->cleanup = ctx_cleanup; } -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx) +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx) { return ctx->cleanup; } @@ -946,12 +951,12 @@ int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data) return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); } -void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx) +void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx) { return CRYPTO_get_ex_data(&ctx->ex_data, idx); } -X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) +X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx) { return ctx->store; } diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index d7dd3754f5..310d28bbad 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -21,7 +21,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) { X509 *ret = NULL; X509_CINF *xi = NULL; - X509_NAME *xn; + const X509_NAME *xn; EVP_PKEY *pubkey = NULL; if ((ret = X509_new()) == NULL) { diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 97676c2ecd..df45d9f14b 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -47,14 +47,14 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) return 1; } -int X509_set_issuer_name(X509 *x, X509_NAME *name) +int X509_set_issuer_name(X509 *x, const X509_NAME *name) { if (x == NULL) return 0; return X509_NAME_set(&x->cert_info.issuer, name); } -int X509_set_subject_name(X509 *x, X509_NAME *name) +int X509_set_subject_name(X509 *x, const X509_NAME *name) { if (x == NULL) return 0; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 07ca7ae31e..b338b63531 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -357,7 +357,8 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return 0; } -static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) +static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, + const X509_NAME *nm) { STACK_OF(X509) *sk = NULL; X509 *x; @@ -1208,7 +1209,7 @@ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, int *pcrl_score) { X509 *crl_issuer = NULL; - X509_NAME *cnm = X509_CRL_get_issuer(crl); + const X509_NAME *cnm = X509_CRL_get_issuer(crl); int cidx = ctx->error_depth; int i; @@ -1384,7 +1385,7 @@ static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) { int i; - X509_NAME *nm = X509_CRL_get_issuer(crl); + const X509_NAME *nm = X509_CRL_get_issuer(crl); /* If no CRLissuer return is successful iff don't need a match */ if (!dp->CRLissuer) return ! !(crl_score & CRL_SCORE_ISSUER_NAME); @@ -1443,7 +1444,7 @@ static int get_crl_delta(X509_STORE_CTX *ctx, unsigned int reasons; X509_CRL *crl = NULL, *dcrl = NULL; STACK_OF(X509_CRL) *skcrl; - X509_NAME *nm = X509_get_issuer_name(x); + const X509_NAME *nm = X509_get_issuer_name(x); reasons = ctx->current_reasons; ok = get_crl_sk(ctx, &crl, &dcrl, @@ -2048,12 +2049,12 @@ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); } -void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) +void *X509_STORE_CTX_get_ex_data(const X509_STORE_CTX *ctx, int idx) { return CRYPTO_get_ex_data(&ctx->ex_data, idx); } -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) +int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx) { return ctx->error; } @@ -2063,7 +2064,7 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) ctx->error = err; } -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) +int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx) { return ctx->error_depth; } @@ -2073,7 +2074,7 @@ void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) ctx->error_depth = depth; } -X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) +X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx) { return ctx->current_cert; } @@ -2083,29 +2084,29 @@ void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x) ctx->current_cert = x; } -STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) +STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx) { return ctx->chain; } -STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) +STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx) { if (!ctx->chain) return NULL; return X509_chain_up_ref(ctx->chain); } -X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) +X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx) { return ctx->current_issuer; } -X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) +X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx) { return ctx->current_crl; } -X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx) { return ctx->parent; } @@ -2412,12 +2413,12 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, X509_VERIFY_PARAM_set_time(ctx->param, t); } -X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) +X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx) { return ctx->cert; } -STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) +STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx) { return ctx->untrusted; } @@ -2439,7 +2440,7 @@ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, ctx->verify_cb = verify_cb; } -X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx) +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(const X509_STORE_CTX *ctx) { return ctx->verify_cb; } @@ -2450,72 +2451,77 @@ void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, ctx->verify = verify; } -X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx) +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx) { return ctx->verify; } -X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx) +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx) { return ctx->get_issuer; } -X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx) +X509_STORE_CTX_check_issued_fn + X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx) { return ctx->check_issued; } -X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx) +X509_STORE_CTX_check_revocation_fn + X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx) { return ctx->check_revocation; } -X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx) +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx) { return ctx->get_crl; } -X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx) +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx) { return ctx->check_crl; } -X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx) +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx) { return ctx->cert_crl; } -X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx) +X509_STORE_CTX_check_policy_fn + X509_STORE_CTX_get_check_policy(const X509_STORE_CTX *ctx) { return ctx->check_policy; } -X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx) +X509_STORE_CTX_lookup_certs_fn + X509_STORE_CTX_get_lookup_certs(const X509_STORE_CTX *ctx) { return ctx->lookup_certs; } -X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx) +X509_STORE_CTX_lookup_crls_fn + X509_STORE_CTX_get_lookup_crls(const X509_STORE_CTX *ctx) { return ctx->lookup_crls; } -X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx) +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx) { return ctx->cleanup; } -X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx) { return ctx->tree; } -int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) +int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx) { return ctx->explicit_policy; } -int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) +int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx) { return ctx->num_untrusted; } @@ -2530,7 +2536,7 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) return X509_VERIFY_PARAM_inherit(ctx->param, param); } -X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx) { return ctx->param; } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 27156b9b4d..b2b34d988e 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -398,7 +398,7 @@ unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param) return param->hostflags; } -char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) +char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param) { return param->peername; } diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 2350995239..28b3aba080 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -27,7 +27,7 @@ int X509_CRL_set_version(X509_CRL *x, long version) return ASN1_INTEGER_set(x->crl.version, version); } -int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) +int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name) { if (x == NULL) return 0; diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 443ab42bdd..e674d6be57 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -16,7 +16,8 @@ #include #include "crypto/x509.h" -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) +int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, + char *buf, int len) { ASN1_OBJECT *obj; @@ -26,7 +27,7 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) return X509_NAME_get_text_by_OBJ(name, obj, buf, len); } -int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len) { int i; @@ -53,7 +54,7 @@ int X509_NAME_entry_count(const X509_NAME *name) return sk_X509_NAME_ENTRY_num(name->entries); } -int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos) { ASN1_OBJECT *obj; @@ -64,7 +65,8 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) } /* NOTE: you should be passing -1, not 0 as lastpos */ -int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos) +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos) { int n; X509_NAME_ENTRY *ne; @@ -216,11 +218,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, set = sk_X509_NAME_ENTRY_value(sk, loc)->set; } - /* - * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily - * const'ified; harmless cast since dup() don't modify its input. - */ - if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL) + if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) goto err; new_name->set = set; if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c index 3256ec2304..aeb5a55644 100644 --- a/crypto/x509/x509rset.c +++ b/crypto/x509/x509rset.c @@ -23,7 +23,7 @@ int X509_REQ_set_version(X509_REQ *x, long version) return ASN1_INTEGER_set(x->req_info.version, version); } -int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) +int X509_REQ_set_subject_name(X509_REQ *x, const X509_NAME *name) { if (x == NULL) return 0; diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index fb1d01f402..0f53be710f 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -27,8 +27,8 @@ ASN1_SEQUENCE(X509_REVOKED) = { static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); static int def_crl_lookup(X509_CRL *crl, - X509_REVOKED **ret, ASN1_INTEGER *serial, - X509_NAME *issuer); + X509_REVOKED **ret, const ASN1_INTEGER *serial, + const X509_NAME *issuer); static X509_CRL_METHOD int_crl_meth = { 0, @@ -354,7 +354,7 @@ int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) } int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, ASN1_INTEGER *serial) + X509_REVOKED **ret, const ASN1_INTEGER *serial) { if (crl->meth->crl_lookup) return crl->meth->crl_lookup(crl, ret, serial, NULL); @@ -376,7 +376,7 @@ static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) &crl->sig_alg, &crl->signature, &crl->crl, r)); } -static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, +static int crl_revoked_issuer_match(X509_CRL *crl, const X509_NAME *nm, X509_REVOKED *rev) { int i; @@ -404,8 +404,8 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, } static int def_crl_lookup(X509_CRL *crl, - X509_REVOKED **ret, ASN1_INTEGER *serial, - X509_NAME *issuer) + X509_REVOKED **ret, const ASN1_INTEGER *serial, + const X509_NAME *issuer) { X509_REVOKED rtmp, *rev; int idx, num; @@ -454,8 +454,8 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), int (*crl_free) (X509_CRL *crl), int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, - X509_NAME *issuer), + const ASN1_INTEGER *ser, + const X509_NAME *issuer), int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk)) { diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index 59d6531bf8..b820171b53 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -542,7 +542,7 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) return 0; } -int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, size_t *pderlen) { /* Make sure encoding is valid */ diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index e3caf8d44a..75b17101a4 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -117,7 +117,7 @@ int X509_set_ex_data(X509 *r, int idx, void *arg) return CRYPTO_set_ex_data(&r->ex_data, idx, arg); } -void *X509_get_ex_data(X509 *r, int idx) +void *X509_get_ex_data(const X509 *r, int idx) { return CRYPTO_get_ex_data(&r->ex_data, idx); } diff --git a/doc/man3/BIO_get_ex_new_index.pod b/doc/man3/BIO_get_ex_new_index.pod index e7fa5a1e16..71de3e6848 100644 --- a/doc/man3/BIO_get_ex_new_index.pod +++ b/doc/man3/BIO_get_ex_new_index.pod @@ -39,7 +39,7 @@ X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data int TYPE_set_ex_data(TYPE *d, int idx, void *arg); - void *TYPE_get_ex_data(TYPE *d, int idx); + void *TYPE_get_ex_data(const TYPE *d, int idx); #define TYPE_set_app_data(TYPE *d, void *arg) #define TYPE_get_app_data(TYPE *d) diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod index 8a85f30cf9..c9d6d95a1b 100644 --- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod +++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod @@ -18,10 +18,11 @@ OSSL_CRMF_MSG_get_certReqId OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *tmpl); - X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl); + const X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); - X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); + const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert, EVP_PKEY *pkey); diff --git a/doc/man3/X509_CRL_get0_by_serial.pod b/doc/man3/X509_CRL_get0_by_serial.pod index 3294a32abc..5deace4f7e 100644 --- a/doc/man3/X509_CRL_get0_by_serial.pod +++ b/doc/man3/X509_CRL_get0_by_serial.pod @@ -13,7 +13,7 @@ functions #include int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, ASN1_INTEGER *serial); + X509_REVOKED **ret, const ASN1_INTEGER *serial); int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); diff --git a/doc/man3/X509_LOOKUP.pod b/doc/man3/X509_LOOKUP.pod index f29aceb000..bd7470d2ba 100644 --- a/doc/man3/X509_LOOKUP.pod +++ b/doc/man3/X509_LOOKUP.pod @@ -40,10 +40,10 @@ X509_LOOKUP_by_alias X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, - X509_OBJECT *ret); + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret); int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const unsigned char *bytes, int len, X509_OBJECT *ret); diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod index 7a0dab7e69..ccf352f3b6 100644 --- a/doc/man3/X509_LOOKUP_meth_new.pod +++ b/doc/man3/X509_LOOKUP_meth_new.pod @@ -57,7 +57,7 @@ X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, + const X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_subject_fn fn); @@ -66,8 +66,8 @@ X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, - ASN1_INTEGER *serial, + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret); int X509_LOOKUP_meth_set_get_by_issuer_serial( X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); diff --git a/doc/man3/X509_NAME_get0_der.pod b/doc/man3/X509_NAME_get0_der.pod index 2bab4378b3..dd28b44376 100644 --- a/doc/man3/X509_NAME_get0_der.pod +++ b/doc/man3/X509_NAME_get0_der.pod @@ -8,7 +8,7 @@ X509_NAME_get0_der - get X509_NAME DER encoding #include - int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, + int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, size_t *pderlen) diff --git a/doc/man3/X509_NAME_get_index_by_NID.pod b/doc/man3/X509_NAME_get_index_by_NID.pod index f287849c0e..b8cbdf0145 100644 --- a/doc/man3/X509_NAME_get_index_by_NID.pod +++ b/doc/man3/X509_NAME_get_index_by_NID.pod @@ -10,14 +10,17 @@ X509_NAME lookup and enumeration functions #include - int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); - int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); + int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); + int X509_NAME_get_index_by_OBJ(const X509_NAME *name, + const ASN1_OBJECT *obj, int lastpos); int X509_NAME_entry_count(const X509_NAME *name); X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); - int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); - int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); + int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, + char *buf, int len); + int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len); =head1 DESCRIPTION diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index 4e51ef2857..b4d0cf4dd9 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -13,15 +13,15 @@ information #include - int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); - int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); - X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); - X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); + X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); - STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); + STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); const char *X509_verify_cert_error_string(long n); diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index db8416fab4..3f10a5189b 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -28,18 +28,18 @@ X509_STORE_CTX_verify_fn void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); - STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); + STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); - X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); + X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); - STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); + STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); - int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx); typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); diff --git a/doc/man3/X509_STORE_get0_param.pod b/doc/man3/X509_STORE_get0_param.pod index 6db760ea51..c458afa17d 100644 --- a/doc/man3/X509_STORE_get0_param.pod +++ b/doc/man3/X509_STORE_get0_param.pod @@ -10,9 +10,9 @@ X509_STORE_get0_objects, X509_STORE_get1_all_certs #include - X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); - int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); - STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx); + X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx); + int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm); + STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *ctx); STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); =head1 DESCRIPTION diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index b6069a3b6e..5a2a52fe5d 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -51,57 +51,65 @@ X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn X509_CRL *crl, X509 *x); typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, - X509_NAME *nm); - typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, - X509_NAME *nm); + const X509_NAME *nm); + typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(const + X509_STORE_CTX *ctx, + const X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); void X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); - X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); + X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE_CTX *ctx); void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); - X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); + X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); void X509_STORE_set_get_issuer(X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer); - X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); + X509_STORE_CTX_get_issuer_fn + X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx); void X509_STORE_set_check_issued(X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued); - X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); + X509_STORE_CTX_check_issued_fn + X509_STORE_get_check_issued(const X509_STORE_CTX *ctx); void X509_STORE_set_check_revocation(X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation); - X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); + X509_STORE_CTX_check_revocation_fn + X509_STORE_get_check_revocation(const X509_STORE_CTX *ctx); void X509_STORE_set_get_crl(X509_STORE *ctx, X509_STORE_CTX_get_crl_fn get_crl); - X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); + X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE_CTX *ctx); void X509_STORE_set_check_crl(X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl); - X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); + X509_STORE_CTX_check_crl_fn + X509_STORE_get_check_crl(const X509_STORE_CTX *ctx); void X509_STORE_set_cert_crl(X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl); - X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); + X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE_CTX *ctx); void X509_STORE_set_check_policy(X509_STORE *ctx, X509_STORE_CTX_check_policy_fn check_policy); - X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); + X509_STORE_CTX_check_policy_fn + X509_STORE_get_check_policy(const X509_STORE_CTX *ctx); void X509_STORE_set_lookup_certs(X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs); - X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); + X509_STORE_CTX_lookup_certs_fn + X509_STORE_get_lookup_certs(const X509_STORE_CTX *ctx); void X509_STORE_set_lookup_crls(X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls); - X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); + X509_STORE_CTX_lookup_crls_fn + X509_STORE_get_lookup_crls(const X509_STORE_CTX *ctx); void X509_STORE_set_cleanup(X509_STORE *ctx, X509_STORE_CTX_cleanup_fn cleanup); - X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); + X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE_CTX *ctx); /* Aliases */ void X509_STORE_set_verify_cb_func(X509_STORE *st, diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 8352a39b86..b458c2826d 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -57,7 +57,7 @@ X509_VERIFY_PARAM_set1_ip_asc void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); - char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); + char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod index 8c9d854b9a..3b52d370e8 100644 --- a/doc/man3/X509_get_subject_name.pod +++ b/doc/man3/X509_get_subject_name.pod @@ -12,16 +12,16 @@ subject names #include X509_NAME *X509_get_subject_name(const X509 *x); - int X509_set_subject_name(X509 *x, X509_NAME *name); + int X509_set_subject_name(X509 *x, const X509_NAME *name); X509_NAME *X509_get_issuer_name(const X509 *x); - int X509_set_issuer_name(X509 *x, X509_NAME *name); + int X509_set_issuer_name(X509 *x, const X509_NAME *name); X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); - int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); + int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); - int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); + int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name); =head1 DESCRIPTION diff --git a/include/crypto/x509.h b/include/crypto/x509.h index edd85b6db0..d68150ff98 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -227,8 +227,11 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check policy status of the chain */ int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, + const X509_NAME *nm); + /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */ + STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx, + const X509_NAME *nm); int (*cleanup) (X509_STORE_CTX *ctx); /* The following is built up */ /* if 0, rebuild chain */ diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 8583362648..baf61f250e 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -566,7 +566,7 @@ int BIO_ctrl_reset_read_request(BIO *b); #define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) int BIO_set_ex_data(BIO *bio, int idx, void *data); -void *BIO_get_ex_data(BIO *bio, int idx); +void *BIO_get_ex_data(const BIO *bio, int idx); uint64_t BIO_number_read(BIO *bio); uint64_t BIO_number_written(BIO *bio); diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h index b578906a67..ac310c8f5d 100644 --- a/include/openssl/crmf.h +++ b/include/openssl/crmf.h @@ -122,9 +122,10 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); -X509_NAME +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); -X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +const X509_NAME +*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, EVP_PKEY *pubkey, diff --git a/include/openssl/dh.h b/include/openssl/dh.h index b26e94e8e9..8af0670ecf 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -155,7 +155,7 @@ DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh)) CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) # endif DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg)) -DEPRECATEDIN_3_0(void *DH_get_ex_data(DH *d, int idx)) +DEPRECATEDIN_3_0(void *DH_get_ex_data(const DH *d, int idx)) /* Deprecated version */ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index ac4d221b2d..c704d5d5c9 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -130,7 +130,7 @@ DEPRECATEDIN_3_0(int DSA_verify(int type, const unsigned char *dgst, CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) # endif DEPRECATEDIN_3_0(int DSA_set_ex_data(DSA *d, int idx, void *arg)) -DEPRECATEDIN_3_0(void *DSA_get_ex_data(DSA *d, int idx)) +DEPRECATEDIN_3_0(void *DSA_get_ex_data(const DSA *d, int idx)) DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPrivateKey) diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index 4b0f635cf7..5acd04b6ea 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -177,8 +177,8 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) # define OCSP_CERTSTATUS_dup(cs)\ - (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ - (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + (OCSP_CERTSTATUS*)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS,\ + (d2i_of_void *)d2i_OCSP_CERTSTATUS,(char *)(cs)) DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID) @@ -205,7 +205,7 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); -int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm); int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); int OCSP_request_sign(OCSP_REQUEST *req, @@ -286,7 +286,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids); X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); -X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); +X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls); int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 56fb6f580f..b170f4d41c 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -214,7 +214,7 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); # define UI_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) int UI_set_ex_data(UI *r, int idx, void *arg); -void *UI_get_ex_data(UI *r, int idx); +void *UI_get_ex_data(const UI *r, int idx); /* Use specific methods instead of the built-in one */ void UI_set_default_method(const UI_METHOD *meth); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 82feb75efb..8952e392a8 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -342,7 +342,9 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), int (*crl_free) (X509_CRL *crl), int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, + const + ASN1_INTEGER *serial, + const X509_NAME *issuer), int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk)); @@ -564,7 +566,7 @@ DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) #define X509_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) int X509_set_ex_data(X509 *r, int idx, void *arg); -void *X509_get_ex_data(X509 *r, int idx); +void *X509_get_ex_data(const X509 *r, int idx); DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX) int i2d_re_X509_tbs(X509 *x, unsigned char **pp); @@ -608,7 +610,7 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL) int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, ASN1_INTEGER *serial); + X509_REVOKED **ret, const ASN1_INTEGER *serial); int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY *X509_PKEY_new(void); @@ -655,10 +657,10 @@ int X509_set_version(X509 *x, long version); int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); ASN1_INTEGER *X509_get_serialNumber(X509 *x); const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); -int X509_set_issuer_name(X509 *x, X509_NAME *name); -X509_NAME *X509_get_issuer_name(const X509 *a); -int X509_set_subject_name(X509 *x, X509_NAME *name); -X509_NAME *X509_get_subject_name(const X509 *a); +int X509_set_issuer_name(X509 *x, const X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); /* TODO change to get0_ */ +int X509_set_subject_name(X509 *x, const X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); /* TODO change to get0_ */ const ASN1_TIME * X509_get0_notBefore(const X509 *x); ASN1_TIME *X509_getm_notBefore(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); @@ -694,8 +696,8 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); long X509_REQ_get_version(const X509_REQ *req); int X509_REQ_set_version(X509_REQ *x, long version); -X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); -int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); /* TODO change to get0_ */ +int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); int X509_REQ_get_signature_nid(const X509_REQ *req); @@ -729,7 +731,7 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, const unsigned char *bytes, int len); int X509_CRL_set_version(X509_CRL *x, long version); -int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name); int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); @@ -745,7 +747,7 @@ const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) -X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); /* TODO change to get0_ */ const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, @@ -788,8 +790,8 @@ unsigned long X509_subject_name_hash_old(X509 *x); int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); -unsigned long X509_NAME_hash(X509_NAME *x); -unsigned long X509_NAME_hash_old(X509_NAME *x); +unsigned long X509_NAME_hash(const X509_NAME *x); +unsigned long X509_NAME_hash_old(const X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); @@ -818,16 +820,17 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, int X509_REQ_print(BIO *bp, X509_REQ *req); int X509_NAME_entry_count(const X509_NAME *name); -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, + char *buf, int len); +int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); /* * NOTE: you should be passing -1, not 0 as lastpos. The functions that use * lastpos, search after that position on. */ -int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); @@ -861,7 +864,7 @@ ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); -int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, size_t *pderlen); int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); @@ -991,9 +994,9 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, int X509_verify_cert(X509_STORE_CTX *ctx); /* lookup a cert from a X509 STACK */ -X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, - ASN1_INTEGER *serial); -X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, + const ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); DECLARE_ASN1_FUNCTIONS(PBEPARAM) DECLARE_ASN1_FUNCTIONS(PBE2PARAM) diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 75529b234e..99c3ab2048 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -80,10 +80,12 @@ typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); -typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, - X509_NAME *nm); -typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, - X509_NAME *nm); +typedef STACK_OF(X509) + *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, + const X509_NAME *nm); +typedef STACK_OF(X509_CRL) + *(*X509_STORE_CTX_lookup_crls_fn)(const X509_STORE_CTX *ctx, + const X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); @@ -269,10 +271,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); | X509_V_FLAG_INHIBIT_MAP) int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - X509_NAME *name); + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - X509_NAME *name); + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); int X509_OBJECT_up_ref_count(X509_OBJECT *a); @@ -281,72 +283,74 @@ void X509_OBJECT_free(X509_OBJECT *a); X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); -X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a); int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_lock(X509_STORE *ctx); int X509_STORE_unlock(X509_STORE *ctx); int X509_STORE_up_ref(X509_STORE *v); - -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v); STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); -STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, + const X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, + const X509_NAME *nm); int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); -int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); -X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx); void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ X509_STORE_set_verify((ctx),(func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); -X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); void X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); # define X509_STORE_set_verify_cb_func(ctx,func) \ X509_STORE_set_verify_cb((ctx),(func)) -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); void X509_STORE_set_get_issuer(X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); void X509_STORE_set_check_issued(X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued); -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); void X509_STORE_set_check_revocation(X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation); -X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +X509_STORE_CTX_check_revocation_fn + X509_STORE_get_check_revocation(const X509_STORE *ctx); void X509_STORE_set_get_crl(X509_STORE *ctx, X509_STORE_CTX_get_crl_fn get_crl); -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); void X509_STORE_set_check_crl(X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl); -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); void X509_STORE_set_cert_crl(X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl); -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); void X509_STORE_set_check_policy(X509_STORE *ctx, X509_STORE_CTX_check_policy_fn check_policy); -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); void X509_STORE_set_lookup_certs(X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs); -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); void X509_STORE_set_lookup_crls(X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); void X509_STORE_set_cleanup(X509_STORE *ctx, X509_STORE_CTX_cleanup_fn cleanup); -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); -void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); +void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -358,24 +362,24 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); -X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); -X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); -STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_cb verify); -X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); -X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); -X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); -X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); -X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); -X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); -X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(const X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(const X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(const X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(const X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain @@ -399,12 +403,12 @@ typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, + const X509_NAME *name, X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, - ASN1_INTEGER *serial, + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, @@ -468,11 +472,12 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); -int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); +int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret); X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, - X509_NAME *name); + const X509_NAME *name); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); @@ -485,9 +490,10 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); int X509_LOOKUP_init(X509_LOOKUP *ctx); int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, + const X509_NAME *name, + const ASN1_INTEGER *serial, X509_OBJECT *ret); int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const unsigned char *bytes, int len, @@ -502,25 +508,26 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_file(X509_STORE *ctx, const char *file); int X509_STORE_load_path(X509_STORE *ctx, const char *path); int X509_STORE_load_store(X509_STORE *ctx, const char *store); -DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *dir)) +DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, + const char *dir)) int X509_STORE_set_default_paths(X509_STORE *ctx); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); -void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void *X509_STORE_CTX_get_ex_data(const X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); -X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); -X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); -X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); -X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); -STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); -STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); @@ -532,11 +539,11 @@ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); -X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); -int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); -int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx); -X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); @@ -583,7 +590,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); -char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); @@ -625,26 +632,23 @@ int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const - X509_POLICY_TREE - *tree); +STACK_OF(X509_POLICY_NODE) + *X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const - X509_POLICY_TREE - *tree); +STACK_OF(X509_POLICY_NODE) + *X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); int X509_policy_level_node_count(X509_POLICY_LEVEL *level); -X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, +X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, int i); const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); -STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const - X509_POLICY_NODE - *node); -const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE - *node); +STACK_OF(POLICYQUALINFO) + *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE + *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); #ifdef __cplusplus } diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index a4004867fc..4a96aad69f 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -530,7 +530,7 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT) DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) -int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname); int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 923cf5b5cd..76096401be 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2240,7 +2240,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) /* Check to see if a certificate issuer name matches list of CA names */ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x) { - X509_NAME *nm; + const X509_NAME *nm; int i; nm = X509_get_issuer_name(x); for (i = 0; i < sk_X509_NAME_num(names); i++) { diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index fa4ef911bf..6da9863179 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -520,7 +520,7 @@ static X509_STORE *X509_STORE_new_1(void) #define DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, DEFAULT) \ static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ { \ - return ctx == NULL ? ERR(NULL) : ctx->FIELD; \ + return ctx == NULL ? ERR(NULL) : (TYPE *)ctx->FIELD; \ } \ DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, 0, DUP, FIELD, TYPE, DEFAULT) #define DEFINE_SET_TEST(OSSL_CMP, CTX, N, DUP, FIELD, TYPE) \ diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index f52efa9855..f0b9b50b01 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -313,7 +313,7 @@ static int test_validate_msg_signature_sender_cert_absent(void) } -static int test_validate_with_sender(X509_NAME *name, int expected) +static int test_validate_with_sender(const X509_NAME *name, int expected) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = expected; diff --git a/test/ocspapitest.c b/test/ocspapitest.c index 358eb54fad..ad3b6cac67 100644 --- a/test/ocspapitest.c +++ b/test/ocspapitest.c @@ -182,7 +182,7 @@ err: static int test_ocsp_url_svcloc_new(void) { - static const char * urls[] = { + static const char *urls[] = { "www.openssl.org", "www.openssl.net", NULL -- 2.34.1