Type-checked (and modern C compliant) OBJ_bsearch.
authorBen Laurie <ben@openssl.org>
Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)
committerBen Laurie <ben@openssl.org>
Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)
42 files changed:
CHANGES
Configure
apps/s_client.c
apps/s_server.c
crypto/asn1/a_strnid.c
crypto/asn1/ameth_lib.c
crypto/evp/evp_pbe.c
crypto/evp/pmeth_lib.c
crypto/objects/obj_dat.c
crypto/objects/obj_xref.c
crypto/objects/obj_xref.h [deleted file]
crypto/objects/objects.h
crypto/objects/objxref.pl
crypto/x509/x509_vpm.c
crypto/x509v3/ext_dat.h
crypto/x509v3/v3_alt.c
crypto/x509v3/v3_conf.c
crypto/x509v3/v3_crld.c
crypto/x509v3/v3_extku.c
crypto/x509v3/v3_lib.c
crypto/x509v3/v3_ncons.c
crypto/x509v3/v3_ocsp.c
crypto/x509v3/v3_pcons.c
crypto/x509v3/v3_pmaps.c
crypto/x509v3/v3_prn.c
crypto/x509v3/v3_purp.c
crypto/x509v3/x509v3.h
engines/Makefile
ssl/d1_lib.c
ssl/s23_lib.c
ssl/s2_lib.c
ssl/s2_meth.c
ssl/s2_srvr.c
ssl/s3_clnt.c
ssl/s3_lib.c
ssl/s3_meth.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_locl.h
ssl/ssltest.c

diff --git a/CHANGES b/CHANGES
index ecead77..0a087c1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
 
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.  [Ben Laurie]
+
   *) New function OPENSSL_gmtime_adj() to add a specific number of days and
      seconds to a tm structure directly, instead of going through OS
      specific date routines. This avoids any issues with OS routines such
index aa396e0..77b13e4 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -164,6 +164,7 @@ my %table=(
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-no-opt",    "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",  "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
index 776196e..12e5c40 100644 (file)
@@ -1531,7 +1531,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
        char buf[BUFSIZ];
        STACK_OF(X509) *sk;
        STACK_OF(X509_NAME) *sk2;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
        X509_NAME *xn;
        int j,i;
 #ifndef OPENSSL_NO_COMP
index 27e520a..c95057a 100644 (file)
@@ -2182,7 +2182,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
        int ret=1;
        int i,j,k,blank,dot;
        SSL *con;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
        BIO *io,*ssl_bio,*sbio;
        long total_bytes;
 
index ecf1d60..f0d5416 100644 (file)
@@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
                        const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
 
 
 /* This is the global mask for the mbstring functions: this is use to
@@ -186,22 +185,25 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
        return (*a)->nid - (*b)->nid;
 }
 
-static int table_cmp(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
+
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
 {
-       const ASN1_STRING_TABLE *sa = a, *sb = b;
-       return sa->nid - sb->nid;
+       return a->nid - b->nid;
 }
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
+
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
        int idx;
        ASN1_STRING_TABLE *ttmp;
        ASN1_STRING_TABLE fnd;
        fnd.nid = nid;
-       ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
-                                       (char *)tbl_standard, 
-                       sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-                       sizeof(ASN1_STRING_TABLE), table_cmp);
+       ttmp = OBJ_bsearch(ASN1_STRING_TABLE, &fnd,
+                          ASN1_STRING_TABLE, tbl_standard, 
+                          sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+                          table_cmp);
        if(ttmp) return ttmp;
        if(!stable) return NULL;
        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
index 47cbdd2..300195b 100644 (file)
@@ -112,12 +112,18 @@ void main()
        }
 #endif
 
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
+                          const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
+
 static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
-                const EVP_PKEY_ASN1_METHOD * const *b)
+                    const EVP_PKEY_ASN1_METHOD * const *b)
        {
         return ((*a)->pkey_id - (*b)->pkey_id);
        }
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
+                            const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
+
 int EVP_PKEY_asn1_get_count(void)
        {
        int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
@@ -139,7 +145,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
 
 static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
        {
-       EVP_PKEY_ASN1_METHOD tmp, *t = &tmp, **ret;
+       EVP_PKEY_ASN1_METHOD tmp, *t = &tmp;
+       const EVP_PKEY_ASN1_METHOD **ret;
        tmp.pkey_id = type;
        if (app_methods)
                {
@@ -148,11 +155,11 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
                if (idx >= 0)
                        return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
                }
-       ret = (EVP_PKEY_ASN1_METHOD **) OBJ_bsearch((char *)&t,
-                       (char *)standard_methods,
-                       sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *),
-                       sizeof(EVP_PKEY_ASN1_METHOD *),
-                       (int (*)(const void *, const void *))ameth_cmp);
+       ret = OBJ_bsearch(EVP_PKEY_ASN1_METHOD *, &t,
+                         const EVP_PKEY_ASN1_METHOD *, standard_methods,
+                         sizeof(standard_methods)
+                         /sizeof(EVP_PKEY_ASN1_METHOD *),
+                         ameth_cmp);
        if (!ret || !*ret)
                return NULL;
        return *ret;
index 8fecd34..7d6a502 100644 (file)
@@ -189,10 +189,10 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
        return 1;       
 }
 
-static int pbe_cmp2(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
+
+static int pbe_cmp2(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
        {
-       const EVP_PBE_CTL *pbe1 = a;
-       const EVP_PBE_CTL *pbe2 = b;
        int ret = pbe1->pbe_type - pbe2->pbe_type;
        if (ret)
                return ret;
@@ -200,6 +200,8 @@ static int pbe_cmp2(const void *a, const void *b)
                return pbe1->pbe_nid - pbe2->pbe_nid;
        }
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
+
 static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
        {
        int ret = (*a)->pbe_type - (*b)->pbe_type;
@@ -269,11 +271,10 @@ int EVP_PBE_find(int type, int pbe_nid,
                }
        if (pbetmp == NULL)
                {
-               pbetmp = (EVP_PBE_CTL *) OBJ_bsearch((char *)&pbelu,
-                       (char *)builtin_pbe,
-                       sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
-                       sizeof(EVP_PBE_CTL),
-                       pbe_cmp2);
+               pbetmp = OBJ_bsearch(EVP_PBE_CTL, &pbelu,
+                                    EVP_PBE_CTL, builtin_pbe,
+                                    sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
+                                    pbe_cmp2);
                }
        if (pbetmp == NULL)
                return 0;
index 765a6c0..3fd11cb 100644 (file)
@@ -84,15 +84,22 @@ static const EVP_PKEY_METHOD *standard_methods[] =
        &hmac_pkey_meth,
        };
 
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                          pmeth_cmp);
+
 static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
-                const EVP_PKEY_METHOD * const *b)
+                    const EVP_PKEY_METHOD * const *b)
        {
         return ((*a)->pkey_id - (*b)->pkey_id);
        }
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                            pmeth_cmp);
+
 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
        {
-       EVP_PKEY_METHOD tmp, *t = &tmp, **ret;
+       EVP_PKEY_METHOD tmp, *t = &tmp;
+       const EVP_PKEY_METHOD **ret;
        tmp.pkey_id = type;
        if (app_pkey_methods)
                {
@@ -101,11 +108,10 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
                if (idx >= 0)
                        return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
                }
-       ret = (EVP_PKEY_METHOD **) OBJ_bsearch((char *)&t,
-                       (char *)standard_methods,
-                       sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
-                       sizeof(EVP_PKEY_METHOD *),
-                       (int (*)(const void *, const void *))pmeth_cmp);
+       ret = OBJ_bsearch(EVP_PKEY_METHOD *, &t,
+                         const EVP_PKEY_METHOD *, standard_methods,
+                         sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
+                         pmeth_cmp);
        if (!ret || !*ret)
                return NULL;
        return *ret;
index db88f5f..acb6bcf 100644 (file)
@@ -81,9 +81,10 @@ static const unsigned int ln_objs[1];
 static const unsigned int obj_objs[1];
 #endif
 
-static int sn_cmp(const void *a, const void *b);
-static int ln_cmp(const void *a, const void *b);
-static int obj_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp);
+
 #define ADDED_DATA     0
 #define ADDED_SNAME    1
 #define ADDED_LNAME    2
@@ -99,19 +100,15 @@ DECLARE_LHASH_OF(ADDED_OBJ);
 static int new_nid=NUM_NID;
 static LHASH_OF(ADDED_OBJ) *added=NULL;
 
-static int sn_cmp(const void *a, const void *b)
-       {
-       const ASN1_OBJECT * const *ap = a;
-       const unsigned int *bp = b;
-       return(strcmp((*ap)->sn,nid_objs[*bp].sn));
-       }
+static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
+       { return(strcmp((*a)->sn,nid_objs[*b].sn)); }
 
-static int ln_cmp(const void *a, const void *b)
-       { 
-       const ASN1_OBJECT * const *ap = a;
-       const unsigned int *bp = b;
-       return(strcmp((*ap)->ln,nid_objs[*bp].ln));
-       }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp)
+
+static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
+       { return(strcmp((*a)->ln,nid_objs[*b].ln)); }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp)
 
 static unsigned long added_obj_hash(const ADDED_OBJ *ca)
        {
@@ -385,6 +382,19 @@ const char *OBJ_nid2ln(int n)
                }
        }
 
+static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
+       {
+       int j;
+       const ASN1_OBJECT *a= *ap;
+       const ASN1_OBJECT *b= &nid_objs[*bp];
+
+       j=(a->length - b->length);
+        if (j) return(j);
+       return(memcmp(a->data,b->data,a->length));
+       }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp)
+
 int OBJ_obj2nid(const ASN1_OBJECT *a)
        {
        const unsigned int *op;
@@ -402,8 +412,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-       op=(const unsigned int *)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
-               NUM_OBJ, sizeof(obj_objs[0]),obj_cmp);
+       op=OBJ_bsearch(const ASN1_OBJECT *, &a, const unsigned int, obj_objs,
+                      NUM_OBJ, obj_cmp);
        if (op == NULL)
                return(NID_undef);
        return(nid_objs[*op].nid);
@@ -625,7 +635,8 @@ int OBJ_txt2nid(const char *s)
 
 int OBJ_ln2nid(const char *s)
        {
-       ASN1_OBJECT o,*oo= &o;
+       ASN1_OBJECT o;
+       const ASN1_OBJECT *oo= &o;
        ADDED_OBJ ad,*adp;
        const unsigned int *op;
 
@@ -637,15 +648,16 @@ int OBJ_ln2nid(const char *s)
                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-       op=(const unsigned int*)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
-               sizeof(ln_objs[0]),ln_cmp);
+       op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, ln_objs,
+                                  NUM_LN, ln_cmp);
        if (op == NULL) return(NID_undef);
        return(nid_objs[*op].nid);
        }
 
 int OBJ_sn2nid(const char *s)
        {
-       ASN1_OBJECT o,*oo= &o;
+       ASN1_OBJECT o;
+       const ASN1_OBJECT *oo= &o;
        ADDED_OBJ ad,*adp;
        const unsigned int *op;
 
@@ -657,32 +669,22 @@ int OBJ_sn2nid(const char *s)
                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-       op=(const unsigned int *)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
-               sizeof(sn_objs[0]),sn_cmp);
+       op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, sn_objs,
+                                  NUM_SN, sn_cmp);
        if (op == NULL) return(NID_undef);
        return(nid_objs[*op].nid);
        }
 
-static int obj_cmp(const void *ap, const void *bp)
-       {
-       int j;
-       const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
-       const ASN1_OBJECT *b= &nid_objs[*((const unsigned int *)bp)];
-
-       j=(a->length - b->length);
-        if (j) return(j);
-       return(memcmp(a->data,b->data,a->length));
-        }
-
-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
-       int (*cmp)(const void *, const void *))
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                        int (*cmp)(const void *, const void *))
        {
        return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
        }
 
-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+const void *OBJ_bsearch_ex(const void *key, const void *base_, int num,
        int size, int (*cmp)(const void *, const void *), int flags)
        {
+       const char *base=base_;
        int l,h,i=0,c=0;
        const char *p = NULL;
 
index 4ebaa1c..3e85e7a 100644 (file)
@@ -64,28 +64,35 @@ STACK_OF(nid_triple) *sig_app, *sigx_app;
 
 static int cmp_sig(const nid_triple *a, const nid_triple *b)
        {
-       return **a - **b;
+       return a->sign_id - b->sign_id;
        }
 
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig)
+
 static int cmp_sig_sk(const nid_triple * const *a, const nid_triple * const *b)
        {
-       return ***a - ***b;
+       return (*a)->sign_id - (*b)->sign_id;
        }
 
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx);
+
 static int cmp_sigx(const nid_triple * const *a, const nid_triple * const *b)
        {
        int ret;
-       ret = (**a)[1] - (**b)[1];
+       ret = (*a)->hash_id - (*b)->hash_id;
        if (ret)
                return ret;
-       return (**a)[2] - (**b)[2];
+       return (*a)->pkey_id - (*b)->pkey_id;
        }
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx)
 
 int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
        {
-       nid_triple tmp, *rv = NULL;
-       tmp[0] = signid;
+       nid_triple tmp;
+       const nid_triple *rv = NULL;
+       tmp.sign_id = signid;
 
        if (sig_app)
                {
@@ -97,25 +104,27 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
 #ifndef OBJ_XREF_TEST2
        if (rv == NULL)
                {
-               rv = (nid_triple *)OBJ_bsearch((char *)&tmp,
-                               (char *)sigoid_srt,
-                               sizeof(sigoid_srt) / sizeof(nid_triple),
-                               sizeof(nid_triple),
-                               (int (*)(const void *, const void *))cmp_sig);
+               rv = OBJ_bsearch(const nid_triple,&tmp,
+                                const nid_triple,sigoid_srt,
+                                sizeof(sigoid_srt) / sizeof(nid_triple),
+                                cmp_sig);
                }
 #endif
        if (rv == NULL)
                return 0;
-       *pdig_nid = (*rv)[1];
-       *ppkey_nid = (*rv)[2];
+       *pdig_nid = rv->hash_id;
+       *ppkey_nid = rv->pkey_id;
        return 1;
        }
 
 int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
        {
-       nid_triple tmp, *t=&tmp, **rv = NULL;
-       tmp[1] = dig_nid;
-       tmp[2] = pkey_nid;
+       nid_triple tmp;
+       const nid_triple const *t=&tmp;
+       const nid_triple **rv = NULL;
+
+       tmp.hash_id = dig_nid;
+       tmp.pkey_id = pkey_nid;
 
        if (sigx_app)
                {
@@ -130,16 +139,15 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
 #ifndef OBJ_XREF_TEST2
        if (rv == NULL)
                {
-               rv = (nid_triple **)OBJ_bsearch((char *)&t,
-                               (char *)sigoid_srt_xref,
-                               sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
-                               sizeof(nid_triple *),
-                               (int (*)(const void *, const void *))cmp_sigx);
+               rv = OBJ_bsearch(const nid_triple *,&t,
+                                const nid_triple *,sigoid_srt_xref,
+                                sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
+                                cmp_sigx);
                }
 #endif
        if (rv == NULL)
                return 0;
-       *psignid = (**rv)[0];
+       *psignid = (*rv)->sign_id;
        return 1;
        }
 
@@ -157,9 +165,9 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
        ntr = OPENSSL_malloc(sizeof(int) * 3);
        if (!ntr)
                return 0;
-       (*ntr)[0] = signid;
-       (*ntr)[1] = dig_id;
-       (*ntr)[2] = pkey_id;
+       ntr->sign_id = signid;
+       ntr->hash_id = dig_id;
+       ntr->pkey_id = pkey_id;
 
        if (!sk_nid_triple_push(sig_app, ntr))
                {
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
deleted file mode 100644 (file)
index c139d3a..0000000
+++ /dev/null
@@ -1,69 +0,0 @@
-
-typedef int nid_triple[3];
-
-static const nid_triple sigoid_srt[] =
-       {
-       {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
-       {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
-       {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
-       {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
-       {NID_dsaWithSHA, NID_sha, NID_dsa},
-       {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
-       {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
-       {NID_md5WithRSA, NID_md5, NID_rsa},
-       {NID_dsaWithSHA1, NID_sha1, NID_dsa},
-       {NID_sha1WithRSA, NID_sha1, NID_rsa},
-       {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
-       {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
-       {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
-       {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
-       {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
-       {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
-       {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
-       {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
-       {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
-       {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
-       {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
-       {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
-       {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
-       {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
-       {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
-       };
-
-static const nid_triple * const sigoid_srt_xref[] =
-       {
-       &sigoid_srt[17],
-       &sigoid_srt[18],
-       &sigoid_srt[0],
-       &sigoid_srt[1],
-       &sigoid_srt[7],
-       &sigoid_srt[2],
-       &sigoid_srt[4],
-       &sigoid_srt[3],
-       &sigoid_srt[9],
-       &sigoid_srt[5],
-       &sigoid_srt[8],
-       &sigoid_srt[12],
-       &sigoid_srt[6],
-       &sigoid_srt[10],
-       &sigoid_srt[11],
-       &sigoid_srt[13],
-       &sigoid_srt[24],
-       &sigoid_srt[20],
-       &sigoid_srt[14],
-       &sigoid_srt[21],
-       &sigoid_srt[15],
-       &sigoid_srt[22],
-       &sigoid_srt[16],
-       &sigoid_srt[23],
-       &sigoid_srt[19],
-       &sigoid_srt[25],
-       &sigoid_srt[26],
-       &sigoid_srt[27],
-       &sigoid_srt[28],
-       };
-
index 7d8cdc9..7dc1bf5 100644 (file)
@@ -1011,10 +1011,68 @@ int             OBJ_txt2nid(const char *s);
 int            OBJ_ln2nid(const char *s);
 int            OBJ_sn2nid(const char *s);
 int            OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const char *   OBJ_bsearch(const char *key,const char *base,int num,int size,
-       int (*cmp)(const void *, const void *));
-const char *   OBJ_bsearch_ex(const char *key,const char *base,int num,
-       int size, int (*cmp)(const void *, const void *), int flags);
+const void *   OBJ_bsearch_(const void *key,const void *base,int num,int size,
+                            int (*cmp)(const void *, const void *));
+const void *   OBJ_bsearch_ex(const void *key,const void *base,int num,
+                              int size, int (*cmp)(const void *, const void *),
+                              int flags);
+
+#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp)  \
+  scope type1 *cmp##_type_1; \
+  scope type2 *cmp##_type_2;                                   \
+  scope int cmp##_BSEARCH_CMP_FN(const void *, const void *);          \
+  scope int cmp(const type1 const *, const type2 const *);
+
+#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)  \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+
+/*
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignement discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, delcare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp)        \
+  scope int cmp##_BSEARCH_CMP_FN(const void *a_, const void *b_)       \
+      { \
+      const type1 const *a = a_; \
+      const type2 const *b = b_; \
+      return cmp(a,b); \
+      }
+
+#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
+  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \
+  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+
+#define OBJ_bsearch(type1,key,type2,base,num,cmp)                             \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                        num,sizeof(type2),                             \
+                        (cmp##_type_1=CHECKED_PTR_OF(type1,cmp##_type_1), \
+                         cmp##_type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                         cmp##_BSEARCH_CMP_FN)))
 
 int            OBJ_new_nid(int num);
 int            OBJ_add_object(const ASN1_OBJECT *obj);
index 0dd360b..4a42924 100644 (file)
@@ -50,8 +50,14 @@ my @srt2 = sort
        
 
 print <<EOF;
+/* AUTOGENERATED BY $0, DO NOT EDIT */
 
-typedef int nid_triple[3];
+typedef struct
+       {
+       int sign_id;
+       int hash_id;
+       int pkey_id;
+       } nid_triple;
 
 static const nid_triple sigoid_srt[] =
        {
index e9db6d6..9c37c4d 100644 (file)
@@ -356,12 +356,17 @@ static const X509_VERIFY_PARAM default_table[] = {
 
 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
 
-static int table_cmp(const void *pa, const void *pb)
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
+
        {
-       const X509_VERIFY_PARAM *a = pa, *b = pb;
        return strcmp(a->name, b->name);
        }
 
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
+                          table_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
+                            table_cmp);
+
 static int param_cmp(const X509_VERIFY_PARAM * const *a,
                        const X509_VERIFY_PARAM * const *b)
        {
@@ -397,6 +402,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
        {
        int idx;
        X509_VERIFY_PARAM pm;
+
        pm.name = (char *)name;
        if (param_table)
                {
@@ -404,11 +410,10 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
                if (idx != -1)
                        return sk_X509_VERIFY_PARAM_value(param_table, idx);
                }
-       return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
-                               (char *)&default_table,
-                               sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
-                               sizeof(X509_VERIFY_PARAM),
-                               table_cmp);
+       return OBJ_bsearch(const X509_VERIFY_PARAM, &pm,
+                          const X509_VERIFY_PARAM, default_table,
+                          sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
+                          table_cmp);
        }
 
 void X509_VERIFY_PARAM_table_cleanup(void)
index 59837a4..22a390a 100644 (file)
@@ -73,7 +73,7 @@ extern X509V3_EXT_METHOD v3_addr, v3_asid;
  * order of the ext_nid values.
  */
 
-static X509V3_EXT_METHOD *standard_exts[] = {
+static const X509V3_EXT_METHOD *standard_exts[] = {
 &v3_nscert,
 &v3_ns_ia5_list[0],
 &v3_ns_ia5_list[1],
index 2c2d6c4..55b4484 100644 (file)
@@ -392,8 +392,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
        
 }
 
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        GENERAL_NAME *gen;
        GENERAL_NAMES *gens = NULL;
@@ -414,15 +414,15 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
        return NULL;
 }
 
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                        CONF_VALUE *cnf)
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              CONF_VALUE *cnf)
        {
        return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
        }
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-                               X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                               int gen_type, char *value, int is_nc)
+                              const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              int gen_type, char *value, int is_nc)
        {
        char is_string = 0;
        GENERAL_NAME *gen = NULL;
@@ -518,8 +518,8 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
        }
 
 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                               X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                CONF_VALUE *cnf, int is_nc)
+                                 const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
        {
        int type;
 
index e654ae7..df3b991 100644 (file)
@@ -72,8 +72,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
-                                                int crit, void *ext_struc);
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
+                                 int crit, void *ext_struc);
 static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
@@ -115,7 +115,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                    int crit, char *value)
        {
-       X509V3_EXT_METHOD *method;
+       const X509V3_EXT_METHOD *method;
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
        void *ext_struc;
@@ -172,7 +172,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 
        }
 
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
                                  int crit, void *ext_struc)
        {
        unsigned char *ext_der;
@@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
        {
-       X509V3_EXT_METHOD *method;
+       const X509V3_EXT_METHOD *method;
        if (!(method = X509V3_EXT_get_nid(ext_nid))) {
                X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
index 17a1fbf..c5e616c 100644 (file)
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_crld(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-                                                               int indent);
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                    int indent);
 
 const X509V3_EXT_METHOD v3_crld =
        {
@@ -308,8 +308,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
        return NULL;
        }
 
-static void *v2i_crld(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
        {
        STACK_OF(DIST_POINT) *crld = NULL;
        GENERAL_NAMES *gens = NULL;
@@ -426,10 +426,10 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
 
-static int i2r_idp(X509V3_EXT_METHOD *method,
-            void *pidp, BIO *out, int indent);
-static void *v2i_idp(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                  int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                    STACK_OF(CONF_VALUE) *nval);
 
 const X509V3_EXT_METHOD v3_idp =
        {
@@ -443,8 +443,8 @@ const X509V3_EXT_METHOD v3_idp =
        NULL
        };
 
-static void *v2i_idp(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                    STACK_OF(CONF_VALUE) *nval)
        {
        ISSUING_DIST_POINT *idp = NULL;
        CONF_VALUE *cnf;
@@ -535,7 +535,8 @@ static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
        return 1;
        }
 
-static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                  int indent)
        {
        ISSUING_DIST_POINT *idp = pidp;
        if (idp->distpoint)
@@ -559,8 +560,8 @@ static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
        return 1;
        }
 
-static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-                                                               int indent)
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                    int indent)
        {
        STACK_OF(DIST_POINT) *crld = pcrldp;
        DIST_POINT *point;
index a4efe00..4e968b9 100644 (file)
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx,
+                                   STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                void *eku, STACK_OF(CONF_VALUE) *extlist);
 
 const X509V3_EXT_METHOD v3_ext_ku = {
@@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
 
 IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
 
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-               void *a, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *
+  i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
+                        STACK_OF(CONF_VALUE) *ext_list)
 {
        EXTENDED_KEY_USAGE *eku = a;
        int i;
@@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
        return ext_list;
 }
 
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        EXTENDED_KEY_USAGE *extku;
        char *extval;
index f3015ea..3ad5b29 100644 (file)
@@ -84,20 +84,26 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 }
 
 static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-               const X509V3_EXT_METHOD * const *b)
+                  const X509V3_EXT_METHOD * const *b)
 {
        return ((*a)->ext_nid - (*b)->ext_nid);
 }
 
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *,
+                          ext_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                            const X509V3_EXT_METHOD *, ext_cmp);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
-       X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+       X509V3_EXT_METHOD tmp;
+       const X509V3_EXT_METHOD *t = &tmp, * const *ret;
        int idx;
        if(nid < 0) return NULL;
        tmp.ext_nid = nid;
-       ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
-                       (char *)standard_exts, STANDARD_EXTENSION_COUNT,
-                       sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
+       ret = OBJ_bsearch(const X509V3_EXT_METHOD *, &t,
+                         const X509V3_EXT_METHOD *, standard_exts,
+                         STANDARD_EXTENSION_COUNT, ext_cmp);
        if(ret) return *ret;
        if(!ext_list) return NULL;
        idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
@@ -105,7 +111,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
        return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
 {
        int nid;
        if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
@@ -122,7 +128,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
 
 int X509V3_EXT_add_alias(int nid_to, int nid_from)
 {
-       X509V3_EXT_METHOD *ext, *tmpext;
+       const X509V3_EXT_METHOD *ext;
+       X509V3_EXT_METHOD *tmpext;
+
        if(!(ext = X509V3_EXT_get_nid(nid_from))) {
                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
                return 0;
@@ -161,7 +169,7 @@ int X509V3_add_standard_extensions(void)
 
 void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
-       X509V3_EXT_METHOD *method;
+       const X509V3_EXT_METHOD *method;
        const unsigned char *p;
 
        if(!(method = X509V3_EXT_get(ext))) return NULL;
index 9a99cb2..452437d 100644 (file)
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
                                void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                               STACK_OF(GENERAL_SUBTREE) *trees,
-                                       BIO *bp, int ind, char *name);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                  STACK_OF(GENERAL_SUBTREE) *trees,
+                                  BIO *bp, int ind, char *name);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
@@ -106,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
        {
        int i;
        CONF_VALUE tval, *val;
@@ -162,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 
        
 
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               void *a, BIO *bp, int ind)
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                               BIO *bp, int ind)
        {
        NAME_CONSTRAINTS *ncons = a;
        do_i2r_name_constraints(method, ncons->permittedSubtrees,
@@ -173,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
        return 1;
        }
 
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                               STACK_OF(GENERAL_SUBTREE) *trees,
-                                       BIO *bp, int ind, char *name)
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                  STACK_OF(GENERAL_SUBTREE) *trees,
+                                  BIO *bp, int ind, char *name)
        {
        GENERAL_SUBTREE *tree;
        int i;
index 62aac06..ac1fee6 100644 (file)
 /* OCSP extensions and a couple of CRL entry extensions
  */
 
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
+                         BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+                           BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                     int indent);
 
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                         BIO *out, int indent);
 
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                           void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                             const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                              BIO *bp, int ind);
 
 const X509V3_EXT_METHOD v3_ocsp_crlid = {
        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
@@ -148,7 +155,8 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
        NULL
 };
 
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                         int ind)
 {
        OCSP_CRLID *a = in;
        if (a->crlUrl)
@@ -174,7 +182,8 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
        return 0;
 }
 
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+                           BIO *bp, int ind)
 {
        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
        if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
@@ -182,7 +191,8 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, in
 }
 
 
-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                     int ind)
 {
        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
        if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
@@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a)
        M_ASN1_OCTET_STRING_free(a);
 }
 
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                         BIO *out, int indent)
 {
        if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
        if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
@@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
 
 /* Nocheck is just a single NULL. Don't print anything and always set it */
 
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+                           BIO *out, int indent)
 {
        return 1;
 }
 
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                             const char *str)
 {
        return ASN1_NULL_new();
 }
 
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                              BIO *bp, int ind)
         {
        int i;
        OCSP_SERVICELOC *a = in;
index 13248c2..a14aa30 100644 (file)
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               void *bcons, STACK_OF(CONF_VALUE) *extlist);
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
+                      STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx,
+                                   STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_policy_constraints = {
 NID_policy_constraints, 0,
@@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-            void *a, STACK_OF(CONF_VALUE) *extlist)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                      STACK_OF(CONF_VALUE) *extlist)
 {
        POLICY_CONSTRAINTS *pcons = a;
        X509V3_add_value_int("Require Explicit Policy",
@@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
        return extlist;
 }
 
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-            X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx,
+                                   STACK_OF(CONF_VALUE) *values)
 {
        POLICY_CONSTRAINTS *pcons=NULL;
        CONF_VALUE *val;
index 6263032..bac5a50 100644 (file)
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                               void *pmps, STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps,
+                   STACK_OF(CONF_VALUE) *extlist);
 
 const X509V3_EXT_METHOD v3_policy_mappings = {
        NID_policy_mappings, 0,
@@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
 
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-               void *a, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a,
+                   STACK_OF(CONF_VALUE) *ext_list)
 {
        POLICY_MAPPINGS *pmaps = a;
        POLICY_MAPPING *pmap;
@@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
        return ext_list;
 }
 
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        POLICY_MAPPINGS *pmaps;
        POLICY_MAPPING *pmap;
index 20bd9bd..feb5768 100644 (file)
@@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
        void *ext_str = NULL;
        char *value = NULL;
        const unsigned char *p;
-       X509V3_EXT_METHOD *method;      
+       const X509V3_EXT_METHOD *method;        
        STACK_OF(CONF_VALUE) *nval = NULL;
        int ok = 1;
 
index 1ca370d..a5d9805 100644 (file)
@@ -267,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
        return xp->trust;
 }
 
-static int nid_cmp(int *a, int *b)
+static int nid_cmp(const int *a, const int *b)
        {
        return *a - *b;
        }
 
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
+
 int X509_supported_extension(X509_EXTENSION *ex)
        {
        /* This table is a list of the NIDs of supported extensions:
@@ -282,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
         * searched using bsearch.
         */
 
-       static int supported_nids[] = {
+       static const int supported_nids[] = {
                NID_netscape_cert_type, /* 71 */
                NID_key_usage,          /* 83 */
                NID_subject_alt_name,   /* 85 */
@@ -300,16 +303,13 @@ int X509_supported_extension(X509_EXTENSION *ex)
                NID_inhibit_any_policy  /* 748 */
        };
 
-       int ex_nid;
-
-       ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+       const int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
 
        if (ex_nid == NID_undef) 
                return 0;
 
-       if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
-               sizeof(supported_nids)/sizeof(int), sizeof(int),
-               (int (*)(const void *, const void *))nid_cmp))
+       if (OBJ_bsearch(int, &ex_nid, int, supported_nids,
+                       sizeof(supported_nids)/sizeof(int), nid_cmp))
                return 1;
        return 0;
        }
index 22b1b7f..460a040 100644 (file)
@@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void);
 typedef void (*X509V3_EXT_FREE)(void *);
 typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
 typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef STACK_OF(CONF_VALUE) *
+  (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
+                   STACK_OF(CONF_VALUE) *extlist);
+typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx,
+                                STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
+                             BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
 
 /* V3 extension structure */
 
@@ -533,8 +540,8 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
@@ -584,14 +591,15 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-                               X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                               int gen_type, char *value, int is_nc);
+                              const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              int gen_type, char *value, int is_nc);
 
 #ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                       CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                 const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 void X509V3_conf_free(CONF_VALUE *val);
 
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
@@ -644,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
 
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
index fdf8774..1cdfb26 100644 (file)
@@ -219,8 +219,7 @@ e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-e_capi.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h
 e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
index d948691..bd28b75 100644 (file)
@@ -175,9 +175,9 @@ void dtls1_clear(SSL *s)
  * to explicitly list their SSL_* codes. Currently RC4 is the only one
  * available, but if new ones emerge, they will have to be added...
  */
-SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
        {
-       SSL_CIPHER *ciph = ssl3_get_cipher(u);
+       const SSL_CIPHER *ciph = ssl3_get_cipher(u);
 
        if (ciph != NULL)
                {
index 88fb564..e3fce53 100644 (file)
@@ -74,7 +74,7 @@ int ssl23_num_ciphers(void)
            );
        }
 
-SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
        {
        unsigned int uu=ssl3_num_ciphers();
 
@@ -90,9 +90,10 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 
 /* This function needs to check if the ciphers required are actually
  * available */
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
        {
-       SSL_CIPHER c,*cp;
+       SSL_CIPHER c;
+       const SSL_CIPHER *cp;
        unsigned long id;
        int n;
 
index 25148d3..d93a2c7 100644 (file)
@@ -121,7 +121,7 @@ const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 
 /* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
+OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
 #if 0
 /* NULL_WITH_MD5 v3 */
        {
@@ -303,7 +303,7 @@ int ssl2_num_ciphers(void)
        return(SSL2_NUM_CIPHERS);
        }
 
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
        {
        if (u < SSL2_NUM_CIPHERS)
                return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
@@ -412,20 +412,22 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        return(0);
        }
 
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
+                                   ssl_cipher_id_cmp);
+
 /* This function needs to check if the ciphers required are actually
  * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
        {
-       SSL_CIPHER c,*cp;
+       SSL_CIPHER c;
+       const SSL_CIPHER *cp;
        unsigned long id;
 
        id=0x02000000L|((unsigned long)p[0]<<16L)|
                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
        c.id=id;
-       cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
-               (char *)ssl2_ciphers,
-               SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
-               FP_ICC ssl_cipher_id_cmp);
+       cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers,
+                        SSL2_NUM_CIPHERS, ssl_cipher_id_cmp);
        if ((cp == NULL) || (cp->valid == 0))
                return NULL;
        else
index 2bffa78..f0e8ca5 100644 (file)
@@ -71,9 +71,9 @@ static const SSL_METHOD *ssl2_get_method(int ver)
        }
 
 IMPLEMENT_ssl2_meth_func(SSLv2_method,
-                       ssl2_accept,
-                       ssl2_connect,
-                       ssl2_get_method)
+                        ssl2_accept,
+                        ssl2_connect,
+                        ssl2_get_method)
 
 #else /* !OPENSSL_NO_SSL2 */
 
index 6490d0b..b43a046 100644 (file)
@@ -366,7 +366,7 @@ static int get_client_master_key(SSL *s)
        int is_export,i,n,keya,ek;
        unsigned long len;
        unsigned char *p;
-       SSL_CIPHER *cp;
+       const SSL_CIPHER *cp;
        const EVP_CIPHER *c;
        const EVP_MD *md;
 
index e339dbc..aae1334 100644 (file)
@@ -719,7 +719,7 @@ err:
 int ssl3_get_server_hello(SSL *s)
        {
        STACK_OF(SSL_CIPHER) *sk;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
        unsigned char *p,*d;
        int i,al,ok;
        unsigned int j;
index f09238f..7e89699 100644 (file)
@@ -2101,7 +2101,7 @@ int ssl3_num_ciphers(void)
        return(SSL3_NUM_CIPHERS);
        }
 
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
        {
        if (u < SSL3_NUM_CIPHERS)
                return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -2786,17 +2786,16 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 
 /* This function needs to check if the ciphers required are actually
  * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
        {
-       SSL_CIPHER c,*cp;
+       SSL_CIPHER c;
+       const SSL_CIPHER *cp;
        unsigned long id;
 
        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
        c.id=id;
-       cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
-               (char *)ssl3_ciphers,
-               SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
-               FP_ICC ssl_cipher_id_cmp);
+       cp = OBJ_bsearch(SSL_CIPHER, &c, SSL_CIPHER, ssl3_ciphers,
+                        SSL3_NUM_CIPHERS, ssl_cipher_id_cmp);
        if (cp == NULL || cp->valid == 0)
                return NULL;
        else
index 6b39ce8..cdddb17 100644 (file)
@@ -70,8 +70,8 @@ static const SSL_METHOD *ssl3_get_method(int ver)
        }
 
 IMPLEMENT_ssl3_meth_func(SSLv3_method,
-                       ssl3_accept,
-                       ssl3_connect,
-                       ssl3_get_method)
+                        ssl3_accept,
+                        ssl3_connect,
+                        ssl3_get_method)
 
 
index d3fdccd..f23f24b 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -401,11 +401,11 @@ typedef struct ssl_method_st
        int (*ssl_dispatch_alert)(SSL *s);
        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
-       SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+       const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
        int (*ssl_pending)(const SSL *s);
        int (*num_ciphers)(void);
-       SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+       const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
        const struct ssl_method_st *(*get_ssl_method)(int version);
        long (*get_timeout)(void);
        struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
@@ -483,7 +483,7 @@ typedef struct ssl_session_st
 
        int compress_meth;              /* Need to lookup the method */
 
-       SSL_CIPHER *cipher;
+       const SSL_CIPHER *cipher;
        unsigned long cipher_id;        /* when ASN.1 loaded, this
                                         * needs to be used to load
                                         * the 'cipher' structure */
@@ -1431,7 +1431,7 @@ int       SSL_clear(SSL *s);
 
 void   SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
 
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
 int    SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
 char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *   SSL_CIPHER_get_name(const SSL_CIPHER *c);
index 646a8e6..56f17f6 100644 (file)
@@ -465,7 +465,7 @@ typedef struct ssl3_state_st
                int message_type;
 
                /* used to hold the new cipher we are going to use */
-               SSL_CIPHER *new_cipher;
+               const SSL_CIPHER *new_cipher;
 #ifndef OPENSSL_NO_DH
                DH *dh;
 #endif
index c31d6e0..e60a490 100644 (file)
@@ -207,7 +207,7 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
 
 typedef struct cipher_order_st
        {
-       SSL_CIPHER *cipher;
+       const SSL_CIPHER *cipher;
        int active;
        int dead;
        struct cipher_order_st *next,*prev;
@@ -437,7 +437,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
             const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
        {
        int i;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
 
        c=s->cipher;
        if (c == NULL) return(0);
@@ -682,7 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
        int i, co_list_num;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
 
        /*
         * We have num_of_ciphers descriptions compiled in, depending on the
@@ -745,7 +745,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                }
        }
 
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
                         int num_of_group_aliases,
                         unsigned long disabled_mkey, unsigned long disabled_auth,
                         unsigned long disabled_enc, unsigned long disabled_mac,
@@ -753,7 +753,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
                        CIPHER_ORDER *head)
        {
        CIPHER_ORDER *ciph_curr;
-       SSL_CIPHER **ca_curr;
+       const SSL_CIPHER **ca_curr;
        int i;
        unsigned long mask_mkey = ~disabled_mkey;
        unsigned long mask_auth = ~disabled_auth;
@@ -823,7 +823,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
        CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
-       SSL_CIPHER *cp;
+       const SSL_CIPHER *cp;
        int reverse = 0;
 
 #ifdef CIPHER_DEBUG
@@ -999,7 +999,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
-                SSL_CIPHER **ca_list)
+                const SSL_CIPHER **ca_list)
        {
        unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
        const char *l, *start, *buf;
@@ -1258,7 +1258,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
        const char *rule_p;
        CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-       SSL_CIPHER **ca_list = NULL;
+       const SSL_CIPHER **ca_list = NULL;
 
        /*
         * Return with error if nothing to do.
@@ -1345,8 +1345,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
        num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-       ca_list =
-               (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+       ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
        if (ca_list == NULL)
                {
                OPENSSL_free(co_list);
index 203bce6..803894c 100644 (file)
@@ -1348,7 +1348,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                               STACK_OF(SSL_CIPHER) **skp)
        {
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
        STACK_OF(SSL_CIPHER) *sk;
        int i,n;
 
@@ -1751,7 +1751,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
        }
 
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        {
        CERT_PKEY *cpk;
        int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
@@ -1963,7 +1963,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 #define ku_reject(x, usage) \
        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
 
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
        {
        unsigned long alg_k, alg_a;
        EVP_PKEY *pkey = NULL;
@@ -2109,7 +2109,7 @@ X509 *ssl_get_server_send_cert(SSL *s)
        return(c->pkeys[i].x509);
        }
 
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
        {
        unsigned long alg_a;
        CERT *c;
@@ -2547,7 +2547,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
                return(NULL);
        }
 
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
        {
        if ((s->session != NULL) && (s->session->cipher != NULL))
                return(s->session->cipher);
index a499a16..ad69a71 100644 (file)
@@ -577,7 +577,7 @@ typedef struct ssl3_buf_freelist_entry_st
 #endif
 
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 
 
@@ -784,6 +784,8 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
 int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
 int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
+                                 ssl_cipher_id_cmp);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
                        const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
@@ -803,9 +805,9 @@ int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
@@ -814,7 +816,7 @@ int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
 void ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
@@ -822,7 +824,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
 void ssl2_return_error(SSL *s,int reason);
 void ssl2_write_error(SSL *s);
 int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
 int    ssl2_new(SSL *s);
 void   ssl2_free(SSL *s);
 int    ssl2_accept(SSL *s);
@@ -839,7 +841,7 @@ long        ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
 int    ssl2_pending(const SSL *s);
 long   ssl2_default_timeout(void );
 
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
@@ -858,7 +860,7 @@ int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
 int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl); 
 int ssl3_renegotiate_check(SSL *ssl); 
 int ssl3_dispatch_alert(SSL *s);
@@ -899,12 +901,12 @@ int ssl3_do_change_cipher_spec(SSL *ssl);
 long ssl3_default_timeout(void );
 
 int ssl23_num_ciphers(void );
-SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
 int ssl23_read(SSL *s, void *buf, int len);
 int ssl23_peek(SSL *s, void *buf, int len);
 int ssl23_write(SSL *s, const void *buf, int len);
 int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
 long ssl23_default_timeout(void );
 
 long tls1_default_timeout(void);
@@ -934,7 +936,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
 long dtls1_default_timeout(void);
-SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
 
 
 /* some client-only functions */
@@ -1020,7 +1022,7 @@ int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
 
 #ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
 #endif
 
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
index b20ab0f..c76f667 100644 (file)
@@ -317,7 +317,7 @@ static void sv_usage(void)
 
 static void print_details(SSL *c_ssl, const char *prefix)
        {
-       SSL_CIPHER *ciph;
+       const SSL_CIPHER *ciph;
        X509 *cert;
                
        ciph=SSL_get_current_cipher(c_ssl);
@@ -2408,7 +2408,7 @@ static int do_test_cipherlist(void)
        {
        int i = 0;
        const SSL_METHOD *meth;
-       SSL_CIPHER *ci, *tci = NULL;
+       const SSL_CIPHER *ci, *tci = NULL;
 
 #ifndef OPENSSL_NO_SSL2
        fprintf(stderr, "testing SSLv2 cipher list order: ");