Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ *) The STACK code has been cleaned up, and certain type declarations
+ that didn't make a lot of sense have been brought in line. This has
+ also involved a cleanup of sorts in safestack.h to more correctly
+ map type-safe stack functions onto their plain stack counterparts.
+ This work has also resulted in a variety of "const"ifications of
+ lots of the code, especially "_cmp" operations which should normally
+ be prototyped with "const" parameters anyway.
+ [Geoff Thorpe]
+
*) When generating bytes for the first time in md_rand.c, 'stir the pool'
by seeding with STATE_SIZE dummy bytes (with zero entropy count).
(The PRNG state consists of two parts, the large pool 'state' and 'md',
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
static void st_free(ASN1_STRING_TABLE *tbl);
-static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+ const ASN1_STRING_TABLE * const *b);
static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
};
-static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+ const ASN1_STRING_TABLE * const *b)
{
return (*a)->nid - (*b)->nid;
}
#include <openssl/asn1_mac.h>
#include <openssl/x509.h>
-static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
-static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+ const X509_REVOKED * const *b);
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+ const X509_REVOKED * const *b);
int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
{
int v1=0;
long l=0;
- int (*old_cmp)(X509_REVOKED **,X509_REVOKED **);
+ int (*old_cmp)(const X509_REVOKED * const *,
+ const X509_REVOKED * const *);
M_ASN1_I2D_vars(a);
old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
Free(a);
}
-static int X509_REVOKED_cmp(X509_REVOKED **a, X509_REVOKED **b)
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+ const X509_REVOKED * const *b)
{
return(ASN1_STRING_cmp(
(ASN1_STRING *)(*a)->serialNumber,
(ASN1_STRING *)(*b)->serialNumber));
}
-static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b)
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+ const X509_REVOKED * const *b)
{
return((*a)->sequence-(*b)->sequence);
}
static MIME_HEADER *mime_hdr_new(char *name, char *value);
static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
-static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b);
static void mime_param_free(MIME_PARAM *param);
static int mime_bound_check(char *line, int linelen, char *bound, int blen);
static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
return 1;
}
-static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b)
{
return(strcmp((*a)->name, (*b)->name));
}
-static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b)
{
return(strcmp((*a)->param_name, (*b)->param_name));
}
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
-int X509_CRL_digest(X509_CRL *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
-int X509_REQ_digest(X509_REQ *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
-int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,
- unsigned char *md,unsigned int *len);
+int X509_digest(const X509 *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
#endif
#ifndef NO_FP_API
int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-int X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_and_serial_hash(X509 *a);
-int X509_issuer_name_cmp(X509 *a, X509 *b);
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_name_hash(X509 *a);
-int X509_subject_name_cmp(X509 *a,X509 *b);
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_subject_name_hash(X509 *x);
-int X509_cmp (X509 *a, X509 *b);
-int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
unsigned long X509_NAME_hash(X509_NAME *x);
-int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
#ifndef NO_FP_API
int X509_print_fp(FILE *bp,X509 *x);
int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
{
int i;
X509_CINF *ai,*bi;
}
#endif
-int X509_issuer_name_cmp(X509 *a, X509 *b)
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
{
return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
}
-int X509_subject_name_cmp(X509 *a, X509 *b)
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
{
return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
}
-int X509_CRL_cmp(X509_CRL *a, X509_CRL *b)
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
{
return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
}
#ifndef NO_SHA
/* Compare two certificates: they must be identical for
- * this to work.
+ * this to work. NB: Although "cmp" operations are generally
+ * prototyped to take "const" arguments (eg. for use in
+ * STACKs), the way X509 handling is - these operations may
+ * involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point
+ * where the "depth-first" constification tree has to halt
+ * with an evil cast.
*/
-int X509_cmp(X509 *a, X509 *b)
+int X509_cmp(const X509 *a, const X509 *b)
{
/* ensure hash is valid */
- X509_check_purpose(a, -1, 0);
- X509_check_purpose(b, -1, 0);
+ X509_check_purpose((X509 *)a, -1, 0);
+ X509_check_purpose((X509 *)b, -1, 0);
return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
}
#endif
-int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
X509_NAME_ENTRY *na,*nb;
#include <openssl/x509v3.h>
-static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
+static int tr_cmp(const X509_TRUST * const *a,
+ const X509_TRUST * const *b);
static void trtable_free(X509_TRUST *p);
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
static STACK_OF(X509_TRUST) *trtable = NULL;
-static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
+static int tr_cmp(const X509_TRUST * const *a,
+ const X509_TRUST * const *b)
{
return (*a)->trust - (*b)->trust;
}
(char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
}
-int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md,
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
}
-int X509_CRL_digest(X509_CRL *data, const EVP_MD *type, unsigned char *md,
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len));
}
-int X509_REQ_digest(X509_REQ *data, const EVP_MD *type, unsigned char *md,
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len));
}
-int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md,
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
-static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+ const X509V3_EXT_METHOD * const *b);
static void ext_list_free(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
return 1;
}
-static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b)
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+ const X509V3_EXT_METHOD * const *b)
{
return ((*a)->ext_nid - (*b)->ext_nid);
}
static void x509v3_cache_extensions(X509 *x);
-static int ca_check(X509 *x);
-static int check_ssl_ca(X509 *x);
-static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
-static int purpose_smime(X509 *x, int ca);
-static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca);
-static int no_check(X509_PURPOSE *xp, X509 *x, int ca);
-
-static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b);
+static int ca_check(const X509 *x);
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE * const *a,
+ const X509_PURPOSE * const *b);
static void xptable_free(X509_PURPOSE *p);
static X509_PURPOSE xstandard[] = {
static STACK_OF(X509_PURPOSE) *xptable = NULL;
-static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b)
+static int xp_cmp(const X509_PURPOSE * const *a,
+ const X509_PURPOSE * const *b)
{
return (*a)->purpose - (*b)->purpose;
}
+/* As much as I'd like to make X509_check_purpose use a "const" X509*
+ * I really can't because it does recalculate hashes and do other non-const
+ * things. */
int X509_check_purpose(X509 *x, int id, int ca)
{
int idx;
- X509_PURPOSE *pt;
+ const X509_PURPOSE *pt;
if(!(x->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(x);
}
int X509_PURPOSE_add(int id, int trust, int flags,
- int (*ck)(X509_PURPOSE *, X509 *, int),
+ int (*ck)(const X509_PURPOSE *, const X509 *, int),
char *name, char *sname, void *arg)
{
int idx;
#define ns_reject(x, usage) \
(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
-static int ca_check(X509 *x)
+static int ca_check(const X509 *x)
{
/* keyUsage if present should allow cert signing */
if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
}
/* Check SSL CA: common checks for SSL client and server */
-static int check_ssl_ca(X509 *x)
+static int check_ssl_ca(const X509 *x)
{
int ca_ret;
ca_ret = ca_check(x);
}
-static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
{
if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
if(ca) return check_ssl_ca(x);
return 1;
}
-static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
{
if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
if(ca) return check_ssl_ca(x);
}
-static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
{
int ret;
ret = check_purpose_ssl_server(xp, x, ca);
}
/* common S/MIME checks */
-static int purpose_smime(X509 *x, int ca)
+static int purpose_smime(const X509 *x, int ca)
{
if(xku_reject(x,XKU_SMIME)) return 0;
if(ca) {
return 1;
}
-static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
{
int ret;
ret = purpose_smime(x, ca);
return ret;
}
-static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
{
int ret;
ret = purpose_smime(x, ca);
return ret;
}
-static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
{
if(ca) {
int ca_ret;
return 1;
}
-static int no_check(X509_PURPOSE *xp, X509 *x, int ca)
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
{
return 1;
}
int purpose;
int trust; /* Default trust ID */
int flags;
- int (*check_purpose)(struct x509_purpose_st *, X509 *, int);
+ int (*check_purpose)(const struct x509_purpose_st *,
+ const X509 *, int);
char *name;
char *sname;
void *usr_data;
int X509_PURPOSE_get_by_sname(char *sname);
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_add(int id, int trust, int flags,
- int (*ck)(X509_PURPOSE *, X509 *, int),
+ int (*ck)(const X509_PURPOSE *, const X509 *, int),
char *name, char *sname, void *arg);
char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
static int ssl3_client_hello(SSL *s);
static int ssl3_get_server_hello(SSL *s);
static int ssl3_get_certificate_request(SSL *s);
-static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
+static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
static int ssl3_get_server_done(SSL *s);
static int ssl3_send_client_verify(SSL *s);
static int ssl3_send_client_certificate(SSL *s);
return(ret);
}
-static int ca_dn_cmp(X509_NAME **a, X509_NAME **b)
+static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a,*b));
}
return(add_client_CA(&(ctx->client_CA),x));
}
-static int xname_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a,*b));
}
X509 *x=NULL;
X509_NAME *xn=NULL;
int ret=1;
- int (*oldcmp)(X509_NAME **a, X509_NAME **b);
+ int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
return(NULL);
}
-static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b)
+static int sk_comp_cmp(const SSL_COMP * const *a,
+ const SSL_COMP * const *b)
{
return((*a)->id-(*b)->id);
}
}
}
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
long l;
return((l > 0)?1:-1);
}
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+ const SSL_CIPHER * const *bp)
{
long l;
int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+ const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
STACK_OF(SSL_CIPHER) **skp);
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
projects / openssl.git / commitdiff