wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Type-checked (and modern C compliant) OBJ_bsearch.

Browse source
This commit is contained in:
Ben Laurie 2008-10-12 14:32:47 +00:00
parent 6665ef303e
commit babb379849
42 changed files with 424 additions and 351 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -4,6 +4,11 @@
Changes between 0.9.8j and 0.9.9 [xx XXX xxxx]
*) Type-checked OBJ_bsearch. Also some constification necessitated
by type-checking. Still to come: TXT_DB, bsearch(?),
OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
CONF_VALUE. [Ben Laurie]
*) New function OPENSSL_gmtime_adj() to add a specific number of days and
seconds to a tm structure directly, instead of going through OS
specific date routines. This avoids any issues with OS routines such

1
Configure
View file

@ -164,6 +164,7 @@ my %table=(
"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",

2
apps/s_client.c
View file

@ -1531,7 +1531,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
char buf[BUFSIZ];
STACK_OF(X509) *sk;
STACK_OF(X509_NAME) *sk2;
SSL_CIPHER *c;
const SSL_CIPHER *c;
X509_NAME *xn;
int j,i;
#ifndef OPENSSL_NO_COMP

2
apps/s_server.c
View file

@ -2182,7 +2182,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
int ret=1;
int i,j,k,blank,dot;
SSL *con;
SSL_CIPHER *c;
const SSL_CIPHER *c;
BIO *io,*ssl_bio,*sbio;
long total_bytes;

18
crypto/asn1/a_strnid.c
View file

@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
static void st_free(ASN1_STRING_TABLE *tbl);
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
const ASN1_STRING_TABLE * const *b);
static int table_cmp(const void *a, const void *b);
/* This is the global mask for the mbstring functions: this is use to
@ -186,22 +185,25 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
return (*a)->nid - (*b)->nid;
}
static int table_cmp(const void *a, const void *b)
DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
{
const ASN1_STRING_TABLE *sa = a, *sb = b;
return sa->nid - sb->nid;
return a->nid - b->nid;
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
{
int idx;
ASN1_STRING_TABLE *ttmp;
ASN1_STRING_TABLE fnd;
fnd.nid = nid;
ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
(char *)tbl_standard,
sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
sizeof(ASN1_STRING_TABLE), table_cmp);
ttmp = OBJ_bsearch(ASN1_STRING_TABLE, &fnd,
ASN1_STRING_TABLE, tbl_standard,
sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
table_cmp);
if(ttmp) return ttmp;
if(!stable) return NULL;
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);

21
crypto/asn1/ameth_lib.c
View file

@ -112,12 +112,18 @@ void main()
}
#endif
DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
const EVP_PKEY_ASN1_METHOD * const *b)
const EVP_PKEY_ASN1_METHOD * const *b)
{
return ((*a)->pkey_id - (*b)->pkey_id);
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
int EVP_PKEY_asn1_get_count(void)
{
int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
@ -139,7 +145,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
{
EVP_PKEY_ASN1_METHOD tmp, *t = &tmp, **ret;
EVP_PKEY_ASN1_METHOD tmp, *t = &tmp;
const EVP_PKEY_ASN1_METHOD **ret;
tmp.pkey_id = type;
if (app_methods)
{
@ -148,11 +155,11 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
if (idx >= 0)
return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
}
ret = (EVP_PKEY_ASN1_METHOD **) OBJ_bsearch((char *)&t,
(char *)standard_methods,
sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *),
sizeof(EVP_PKEY_ASN1_METHOD *),
(int (*)(const void *, const void *))ameth_cmp);
ret = OBJ_bsearch(EVP_PKEY_ASN1_METHOD *, &t,
const EVP_PKEY_ASN1_METHOD *, standard_methods,
sizeof(standard_methods)
/sizeof(EVP_PKEY_ASN1_METHOD *),
ameth_cmp);
if (!ret || !*ret)
return NULL;
return *ret;

17
crypto/evp/evp_pbe.c
View file

@ -189,10 +189,10 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
return 1;
}
static int pbe_cmp2(const void *a, const void *b)
DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
static int pbe_cmp2(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
{
const EVP_PBE_CTL *pbe1 = a;
const EVP_PBE_CTL *pbe2 = b;
int ret = pbe1->pbe_type - pbe2->pbe_type;
if (ret)
return ret;
@ -200,6 +200,8 @@ static int pbe_cmp2(const void *a, const void *b)
return pbe1->pbe_nid - pbe2->pbe_nid;
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
{
int ret = (*a)->pbe_type - (*b)->pbe_type;
@ -269,11 +271,10 @@ int EVP_PBE_find(int type, int pbe_nid,
}
if (pbetmp == NULL)
{
pbetmp = (EVP_PBE_CTL *) OBJ_bsearch((char *)&pbelu,
(char *)builtin_pbe,
sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
sizeof(EVP_PBE_CTL),
pbe_cmp2);
pbetmp = OBJ_bsearch(EVP_PBE_CTL, &pbelu,
EVP_PBE_CTL, builtin_pbe,
sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
pbe_cmp2);
}
if (pbetmp == NULL)
return 0;

20
crypto/evp/pmeth_lib.c
View file

@ -84,15 +84,22 @@ static const EVP_PKEY_METHOD *standard_methods[] =
&hmac_pkey_meth,
};
DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
pmeth_cmp);
static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
const EVP_PKEY_METHOD * const *b)
const EVP_PKEY_METHOD * const *b)
{
return ((*a)->pkey_id - (*b)->pkey_id);
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
pmeth_cmp);
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
{
EVP_PKEY_METHOD tmp, *t = &tmp, **ret;
EVP_PKEY_METHOD tmp, *t = &tmp;
const EVP_PKEY_METHOD **ret;
tmp.pkey_id = type;
if (app_pkey_methods)
{
@ -101,11 +108,10 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
if (idx >= 0)
return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
}
ret = (EVP_PKEY_METHOD **) OBJ_bsearch((char *)&t,
(char *)standard_methods,
sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
sizeof(EVP_PKEY_METHOD *),
(int (*)(const void *, const void *))pmeth_cmp);
ret = OBJ_bsearch(EVP_PKEY_METHOD *, &t,
const EVP_PKEY_METHOD *, standard_methods,
sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
pmeth_cmp);
if (!ret || !*ret)
return NULL;
return *ret;

76
crypto/objects/obj_dat.c
View file

@ -81,9 +81,10 @@ static const unsigned int ln_objs[1];
static const unsigned int obj_objs[1];
#endif
static int sn_cmp(const void *a, const void *b);
static int ln_cmp(const void *a, const void *b);
static int obj_cmp(const void *a, const void *b);
DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp);
DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp);
DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp);
#define ADDED_DATA 0
#define ADDED_SNAME 1
#define ADDED_LNAME 2
@ -99,19 +100,15 @@ DECLARE_LHASH_OF(ADDED_OBJ);
static int new_nid=NUM_NID;
static LHASH_OF(ADDED_OBJ) *added=NULL;
static int sn_cmp(const void *a, const void *b)
{
const ASN1_OBJECT * const *ap = a;
const unsigned int *bp = b;
return(strcmp((*ap)->sn,nid_objs[*bp].sn));
}
static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
{ return(strcmp((*a)->sn,nid_objs[*b].sn)); }
static int ln_cmp(const void *a, const void *b)
{
const ASN1_OBJECT * const *ap = a;
const unsigned int *bp = b;
return(strcmp((*ap)->ln,nid_objs[*bp].ln));
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp)
static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
{ return(strcmp((*a)->ln,nid_objs[*b].ln)); }
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp)
static unsigned long added_obj_hash(const ADDED_OBJ *ca)
{
@ -385,6 +382,19 @@ const char *OBJ_nid2ln(int n)
}
}
static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
{
int j;
const ASN1_OBJECT *a= *ap;
const ASN1_OBJECT *b= &nid_objs[*bp];
j=(a->length - b->length);
if (j) return(j);
return(memcmp(a->data,b->data,a->length));
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp)
int OBJ_obj2nid(const ASN1_OBJECT *a)
{
const unsigned int *op;
@ -402,8 +412,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
adp=lh_ADDED_OBJ_retrieve(added,&ad);
if (adp != NULL) return (adp->obj->nid);
}
op=(const unsigned int *)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
NUM_OBJ, sizeof(obj_objs[0]),obj_cmp);
op=OBJ_bsearch(const ASN1_OBJECT *, &a, const unsigned int, obj_objs,
NUM_OBJ, obj_cmp);
if (op == NULL)
return(NID_undef);
return(nid_objs[*op].nid);
@ -625,7 +635,8 @@ int OBJ_txt2nid(const char *s)
int OBJ_ln2nid(const char *s)
{
ASN1_OBJECT o,*oo= &o;
ASN1_OBJECT o;
const ASN1_OBJECT *oo= &o;
ADDED_OBJ ad,*adp;
const unsigned int *op;
@ -637,15 +648,16 @@ int OBJ_ln2nid(const char *s)
adp=lh_ADDED_OBJ_retrieve(added,&ad);
if (adp != NULL) return (adp->obj->nid);
}
op=(const unsigned int*)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
sizeof(ln_objs[0]),ln_cmp);
op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, ln_objs,
NUM_LN, ln_cmp);
if (op == NULL) return(NID_undef);
return(nid_objs[*op].nid);
}
int OBJ_sn2nid(const char *s)
{
ASN1_OBJECT o,*oo= &o;
ASN1_OBJECT o;
const ASN1_OBJECT *oo= &o;
ADDED_OBJ ad,*adp;
const unsigned int *op;
@ -657,32 +669,22 @@ int OBJ_sn2nid(const char *s)
adp=lh_ADDED_OBJ_retrieve(added,&ad);
if (adp != NULL) return (adp->obj->nid);
}
op=(const unsigned int *)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
sizeof(sn_objs[0]),sn_cmp);
op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, sn_objs,
NUM_SN, sn_cmp);
if (op == NULL) return(NID_undef);
return(nid_objs[*op].nid);
}
static int obj_cmp(const void *ap, const void *bp)
{
int j;
const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
const ASN1_OBJECT *b= &nid_objs[*((const unsigned int *)bp)];
j=(a->length - b->length);
if (j) return(j);
return(memcmp(a->data,b->data,a->length));
}
const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
int (*cmp)(const void *, const void *))
const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
int (*cmp)(const void *, const void *))
{
return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
}
const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
const void *OBJ_bsearch_ex(const void *key, const void *base_, int num,
int size, int (*cmp)(const void *, const void *), int flags)
{
const char *base=base_;
int l,h,i=0,c=0;
const char *p = NULL;

58
crypto/objects/obj_xref.c
View file

@ -64,28 +64,35 @@ STACK_OF(nid_triple) *sig_app, *sigx_app;
static int cmp_sig(const nid_triple *a, const nid_triple *b)
{
return **a - **b;
return a->sign_id - b->sign_id;
}
DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig)
static int cmp_sig_sk(const nid_triple * const *a, const nid_triple * const *b)
{
return ***a - ***b;
return (*a)->sign_id - (*b)->sign_id;
}
DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx);
static int cmp_sigx(const nid_triple * const *a, const nid_triple * const *b)
{
int ret;
ret = (**a)[1] - (**b)[1];
ret = (*a)->hash_id - (*b)->hash_id;
if (ret)
return ret;
return (**a)[2] - (**b)[2];
return (*a)->pkey_id - (*b)->pkey_id;
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx)
int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
{
nid_triple tmp, *rv = NULL;
tmp[0] = signid;
nid_triple tmp;
const nid_triple *rv = NULL;
tmp.sign_id = signid;
if (sig_app)
{
@ -97,25 +104,27 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
#ifndef OBJ_XREF_TEST2
if (rv == NULL)
{
rv = (nid_triple *)OBJ_bsearch((char *)&tmp,
(char *)sigoid_srt,
sizeof(sigoid_srt) / sizeof(nid_triple),
sizeof(nid_triple),
(int (*)(const void *, const void *))cmp_sig);
rv = OBJ_bsearch(const nid_triple,&tmp,
const nid_triple,sigoid_srt,
sizeof(sigoid_srt) / sizeof(nid_triple),
cmp_sig);
}
#endif
if (rv == NULL)
return 0;
*pdig_nid = (*rv)[1];
*ppkey_nid = (*rv)[2];
*pdig_nid = rv->hash_id;
*ppkey_nid = rv->pkey_id;
return 1;
}
int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
{
nid_triple tmp, *t=&tmp, **rv = NULL;
tmp[1] = dig_nid;
tmp[2] = pkey_nid;
nid_triple tmp;
const nid_triple const *t=&tmp;
const nid_triple **rv = NULL;
tmp.hash_id = dig_nid;
tmp.pkey_id = pkey_nid;
if (sigx_app)
{
@ -130,16 +139,15 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
#ifndef OBJ_XREF_TEST2
if (rv == NULL)
{
rv = (nid_triple **)OBJ_bsearch((char *)&t,
(char *)sigoid_srt_xref,
sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
sizeof(nid_triple *),
(int (*)(const void *, const void *))cmp_sigx);
rv = OBJ_bsearch(const nid_triple *,&t,
const nid_triple *,sigoid_srt_xref,
sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
cmp_sigx);
}
#endif
if (rv == NULL)
return 0;
*psignid = (**rv)[0];
*psignid = (*rv)->sign_id;
return 1;
}
@ -157,9 +165,9 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
ntr = OPENSSL_malloc(sizeof(int) * 3);
if (!ntr)
return 0;
(*ntr)[0] = signid;
(*ntr)[1] = dig_id;
(*ntr)[2] = pkey_id;
ntr->sign_id = signid;
ntr->hash_id = dig_id;
ntr->pkey_id = pkey_id;
if (!sk_nid_triple_push(sig_app, ntr))
{

69
crypto/objects/obj_xref.h
View file

@ -1,69 +0,0 @@
typedef int nid_triple[3];
static const nid_triple sigoid_srt[] =
{
{NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
{NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
{NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
{NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
{NID_dsaWithSHA, NID_sha, NID_dsa},
{NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
{NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
{NID_md5WithRSA, NID_md5, NID_rsa},
{NID_dsaWithSHA1, NID_sha1, NID_dsa},
{NID_sha1WithRSA, NID_sha1, NID_rsa},
{NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
{NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
{NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
{NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
{NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
{NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
{NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
{NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
{NID_dsa_with_SHA224, NID_sha224, NID_dsa},
{NID_dsa_with_SHA256, NID_sha256, NID_dsa},
{NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
{NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
{NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
{NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
};
static const nid_triple * const sigoid_srt_xref[] =
{
&sigoid_srt[17],
&sigoid_srt[18],
&sigoid_srt[0],
&sigoid_srt[1],
&sigoid_srt[7],
&sigoid_srt[2],
&sigoid_srt[4],
&sigoid_srt[3],
&sigoid_srt[9],
&sigoid_srt[5],
&sigoid_srt[8],
&sigoid_srt[12],
&sigoid_srt[6],
&sigoid_srt[10],
&sigoid_srt[11],
&sigoid_srt[13],
&sigoid_srt[24],
&sigoid_srt[20],
&sigoid_srt[14],
&sigoid_srt[21],
&sigoid_srt[15],
&sigoid_srt[22],
&sigoid_srt[16],
&sigoid_srt[23],
&sigoid_srt[19],
&sigoid_srt[25],
&sigoid_srt[26],
&sigoid_srt[27],
&sigoid_srt[28],
};

66
crypto/objects/objects.h
View file

@ -1011,10 +1011,68 @@ int OBJ_txt2nid(const char *s);
int OBJ_ln2nid(const char *s);
int OBJ_sn2nid(const char *s);
int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
const char * OBJ_bsearch(const char *key,const char *base,int num,int size,
int (*cmp)(const void *, const void *));
const char * OBJ_bsearch_ex(const char *key,const char *base,int num,
int size, int (*cmp)(const void *, const void *), int flags);
const void * OBJ_bsearch_(const void *key,const void *base,int num,int size,
int (*cmp)(const void *, const void *));
const void * OBJ_bsearch_ex(const void *key,const void *base,int num,
int size, int (*cmp)(const void *, const void *),
int flags);
#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp) \
scope type1 *cmp##_type_1; \
scope type2 *cmp##_type_2; \
scope int cmp##_BSEARCH_CMP_FN(const void *, const void *); \
scope int cmp(const type1 const *, const type2 const *);
#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
_DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \
_DECLARE_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
/*
* Unsolved problem: if a type is actually a pointer type, like
* nid_triple is, then its impossible to get a const where you need
* it. Consider:
*
* typedef int nid_triple[3];
* const void *a_;
* const nid_triple const *a = a_;
*
* The assignement discards a const because what you really want is:
*
* const int const * const *a = a_;
*
* But if you do that, you lose the fact that a is an array of 3 ints,
* which breaks comparison functions.
*
* Thus we end up having to cast, sadly, or unpack the
* declarations. Or, as I finally did in this case, delcare nid_triple
* to be a struct, which it should have been in the first place.
*
* Ben, August 2008.
*
* Also, strictly speaking not all types need be const, but handling
* the non-constness means a lot of complication, and in practice
* comparison routines do always not touch their arguments.
*/
#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp) \
scope int cmp##_BSEARCH_CMP_FN(const void *a_, const void *b_) \
{ \
const type1 const *a = a_; \
const type2 const *b = b_; \
return cmp(a,b); \
}
#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
_IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \
_IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
#define OBJ_bsearch(type1,key,type2,base,num,cmp) \
((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
num,sizeof(type2), \
(cmp##_type_1=CHECKED_PTR_OF(type1,cmp##_type_1), \
cmp##_type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
cmp##_BSEARCH_CMP_FN)))
int OBJ_new_nid(int num);
int OBJ_add_object(const ASN1_OBJECT *obj);

8
crypto/objects/objxref.pl
View file

@ -50,8 +50,14 @@ my @srt2 = sort
print <<EOF;
/* AUTOGENERATED BY $0, DO NOT EDIT */
typedef int nid_triple[3];
typedef struct
{
int sign_id;
int hash_id;
int pkey_id;
} nid_triple;
static const nid_triple sigoid_srt[] =
{

19
crypto/x509/x509_vpm.c
View file

@ -356,12 +356,17 @@ static const X509_VERIFY_PARAM default_table[] = {
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
static int table_cmp(const void *pa, const void *pb)
static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
{
const X509_VERIFY_PARAM *a = pa, *b = pb;
return strcmp(a->name, b->name);
}
DECLARE_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
table_cmp);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
table_cmp);
static int param_cmp(const X509_VERIFY_PARAM * const *a,
const X509_VERIFY_PARAM * const *b)
{
@ -397,6 +402,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
{
int idx;
X509_VERIFY_PARAM pm;
pm.name = (char *)name;
if (param_table)
{
@ -404,11 +410,10 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
if (idx != -1)
return sk_X509_VERIFY_PARAM_value(param_table, idx);
}
return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
(char *)&default_table,
sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
sizeof(X509_VERIFY_PARAM),
table_cmp);
return OBJ_bsearch(const X509_VERIFY_PARAM, &pm,
const X509_VERIFY_PARAM, default_table,
sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
table_cmp);
}
void X509_VERIFY_PARAM_table_cleanup(void)

2
crypto/x509v3/ext_dat.h
View file

@ -73,7 +73,7 @@ extern X509V3_EXT_METHOD v3_addr, v3_asid;
* order of the ext_nid values.
*/
static X509V3_EXT_METHOD *standard_exts[] = {
static const X509V3_EXT_METHOD *standard_exts[] = {
&v3_nscert,
&v3_ns_ia5_list[0],
&v3_ns_ia5_list[1],

16
crypto/x509v3/v3_alt.c
View file

@ -392,8 +392,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
}
GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
GENERAL_NAME *gen;
GENERAL_NAMES *gens = NULL;
@ -414,15 +414,15 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
return NULL;
}
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf)
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf)
{
return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
}
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
int gen_type, char *value, int is_nc)
const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
int gen_type, char *value, int is_nc)
{
char is_string = 0;
GENERAL_NAME *gen = NULL;
@ -518,8 +518,8 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
}
GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf, int is_nc)
const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
{
int type;

10
crypto/x509v3/v3_conf.c
View file

@ -72,8 +72,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
static char *conf_lhash_get_string(void *db, char *section, char *value);
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc);
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc);
static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
/* CONF *conf: Config file */
/* char *name: Name */
@ -115,7 +115,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
int crit, char *value)
{
X509V3_EXT_METHOD *method;
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
void *ext_struc;
@ -172,7 +172,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
}
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc)
{
unsigned char *ext_der;
@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
X509V3_EXT_METHOD *method;
const X509V3_EXT_METHOD *method;
if (!(method = X509V3_EXT_get_nid(ext_nid))) {
X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
return NULL;

31
crypto/x509v3/v3_crld.c
View file

@ -63,10 +63,10 @@
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
static void *v2i_crld(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
int indent);
static void *v2i_crld(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
int indent);
const X509V3_EXT_METHOD v3_crld =
{
@ -308,8 +308,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
return NULL;
}
static void *v2i_crld(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
static void *v2i_crld(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
STACK_OF(DIST_POINT) *crld = NULL;
GENERAL_NAMES *gens = NULL;
@ -426,10 +426,10 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
static int i2r_idp(X509V3_EXT_METHOD *method,
void *pidp, BIO *out, int indent);
static void *v2i_idp(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
int indent);
static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
const X509V3_EXT_METHOD v3_idp =
{
@ -443,8 +443,8 @@ const X509V3_EXT_METHOD v3_idp =
NULL
};
static void *v2i_idp(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval)
{
ISSUING_DIST_POINT *idp = NULL;
CONF_VALUE *cnf;
@ -535,7 +535,8 @@ static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
return 1;
}
static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
int indent)
{
ISSUING_DIST_POINT *idp = pidp;
if (idp->distpoint)
@ -559,8 +560,8 @@ static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
return 1;
}
static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
int indent)
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
int indent)
{
STACK_OF(DIST_POINT) *crld = pcrldp;
DIST_POINT *point;

16
crypto/x509v3/v3_extku.c
View file

@ -63,9 +63,10 @@
#include <openssl/conf.h>
#include <openssl/x509v3.h>
static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
void *eku, STACK_OF(CONF_VALUE) *extlist);
const X509V3_EXT_METHOD v3_ext_ku = {
@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
void *a, STACK_OF(CONF_VALUE) *ext_list)
static STACK_OF(CONF_VALUE) *
i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
STACK_OF(CONF_VALUE) *ext_list)
{
EXTENDED_KEY_USAGE *eku = a;
int i;
@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
return ext_list;
}
static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
EXTENDED_KEY_USAGE *extku;
char *extval;

26
crypto/x509v3/v3_lib.c
View file

@ -84,20 +84,26 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
}
static int ext_cmp(const X509V3_EXT_METHOD * const *a,
const X509V3_EXT_METHOD * const *b)
const X509V3_EXT_METHOD * const *b)
{
return ((*a)->ext_nid - (*b)->ext_nid);
}
X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *,
ext_cmp);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
const X509V3_EXT_METHOD *, ext_cmp);
const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
{
X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
X509V3_EXT_METHOD tmp;
const X509V3_EXT_METHOD *t = &tmp, * const *ret;
int idx;
if(nid < 0) return NULL;
tmp.ext_nid = nid;
ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
(char *)standard_exts, STANDARD_EXTENSION_COUNT,
sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
ret = OBJ_bsearch(const X509V3_EXT_METHOD *, &t,
const X509V3_EXT_METHOD *, standard_exts,
STANDARD_EXTENSION_COUNT, ext_cmp);
if(ret) return *ret;
if(!ext_list) return NULL;
idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
@ -105,7 +111,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
return sk_X509V3_EXT_METHOD_value(ext_list, idx);
}
X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
{
int nid;
if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
@ -122,7 +128,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
int X509V3_EXT_add_alias(int nid_to, int nid_from)
{
X509V3_EXT_METHOD *ext, *tmpext;
const X509V3_EXT_METHOD *ext;
X509V3_EXT_METHOD *tmpext;
if(!(ext = X509V3_EXT_get_nid(nid_from))) {
X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
return 0;
@ -161,7 +169,7 @@ int X509V3_add_standard_extensions(void)
void *X509V3_EXT_d2i(X509_EXTENSION *ext)
{
X509V3_EXT_METHOD *method;
const X509V3_EXT_METHOD *method;
const unsigned char *p;
if(!(method = X509V3_EXT_get(ext))) return NULL;

26
crypto/x509v3/v3_ncons.c
View file

@ -63,13 +63,13 @@
#include <openssl/conf.h>
#include <openssl/x509v3.h>
static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
void *a, BIO *bp, int ind);
static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees,
BIO *bp, int ind, char *name);
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees,
BIO *bp, int ind, char *name);
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
@ -106,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
int i;
CONF_VALUE tval, *val;
@ -162,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
void *a, BIO *bp, int ind)
static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
BIO *bp, int ind)
{
NAME_CONSTRAINTS *ncons = a;
do_i2r_name_constraints(method, ncons->permittedSubtrees,
@ -173,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
return 1;
}
static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees,
BIO *bp, int ind, char *name)
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees,
BIO *bp, int ind, char *name)
{
GENERAL_SUBTREE *tree;
int i;

42
crypto/x509v3/v3_ocsp.c
View file

@ -68,19 +68,26 @@
/* OCSP extensions and a couple of CRL entry extensions
*/
static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent);
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent);
static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
int indent);
static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(void *a, unsigned char **pp);
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent);
static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
void *nocheck, BIO *out, int indent);
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
const char *str);
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
BIO *bp, int ind);
const X509V3_EXT_METHOD v3_ocsp_crlid = {
NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
@ -148,7 +155,8 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
NULL
};
static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
int ind)
{
OCSP_CRLID *a = in;
if (a->crlUrl)
@ -174,7 +182,8 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
return 0;
}
static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
BIO *bp, int ind)
{
if (!BIO_printf(bp, "%*s", ind, "")) return 0;
if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
@ -182,7 +191,8 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, in
}
static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
int ind)
{
if (!BIO_printf(bp, "%*s", ind, "")) return 0;
if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a)
M_ASN1_OCTET_STRING_free(a);
}
static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent)
{
if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
/* Nocheck is just a single NULL. Don't print anything and always set it */
static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
BIO *out, int indent)
{
return 1;
}
static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
const char *str)
{
return ASN1_NULL_new();
}
static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
BIO *bp, int ind)
{
int i;
OCSP_SERVICELOC *a = in;

20
crypto/x509v3/v3_pcons.c
View file

@ -64,10 +64,12 @@
#include <openssl/conf.h>
#include <openssl/x509v3.h>
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
void *bcons, STACK_OF(CONF_VALUE) *extlist);
static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
static STACK_OF(CONF_VALUE) *
i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
STACK_OF(CONF_VALUE) *extlist);
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *values);
const X509V3_EXT_METHOD v3_policy_constraints = {
NID_policy_constraints, 0,
@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
void *a, STACK_OF(CONF_VALUE) *extlist)
static STACK_OF(CONF_VALUE) *
i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
STACK_OF(CONF_VALUE) *extlist)
{
POLICY_CONSTRAINTS *pcons = a;
X509V3_add_value_int("Require Explicit Policy",
@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
return extlist;
}
static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *values)
{
POLICY_CONSTRAINTS *pcons=NULL;
CONF_VALUE *val;

18
crypto/x509v3/v3_pmaps.c
View file

@ -63,10 +63,11 @@
#include <openssl/conf.h>
#include <openssl/x509v3.h>
static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
void *pmps, STACK_OF(CONF_VALUE) *extlist);
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *
i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps,
STACK_OF(CONF_VALUE) *extlist);
const X509V3_EXT_METHOD v3_policy_mappings = {
NID_policy_mappings, 0,
@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
void *a, STACK_OF(CONF_VALUE) *ext_list)
static STACK_OF(CONF_VALUE) *
i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a,
STACK_OF(CONF_VALUE) *ext_list)
{
POLICY_MAPPINGS *pmaps = a;
POLICY_MAPPING *pmap;
@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
return ext_list;
}
static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
POLICY_MAPPINGS *pmaps;
POLICY_MAPPING *pmap;

2
crypto/x509v3/v3_prn.c
View file

@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
void *ext_str = NULL;
char *value = NULL;
const unsigned char *p;
X509V3_EXT_METHOD *method;
const X509V3_EXT_METHOD *method;
STACK_OF(CONF_VALUE) *nval = NULL;
int ok = 1;

16
crypto/x509v3/v3_purp.c
View file

@ -267,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
return xp->trust;
}
static int nid_cmp(int *a, int *b)
static int nid_cmp(const int *a, const int *b)
{
return *a - *b;
}
DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
int X509_supported_extension(X509_EXTENSION *ex)
{
/* This table is a list of the NIDs of supported extensions:
@ -282,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
* searched using bsearch.
*/
static int supported_nids[] = {
static const int supported_nids[] = {
NID_netscape_cert_type, /* 71 */
NID_key_usage, /* 83 */
NID_subject_alt_name, /* 85 */
@ -300,16 +303,13 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_inhibit_any_policy /* 748 */
};
int ex_nid;
ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
const int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
if (ex_nid == NID_undef)
return 0;
if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
sizeof(supported_nids)/sizeof(int), sizeof(int),
(int (*)(const void *, const void *))nid_cmp))
if (OBJ_bsearch(int, &ex_nid, int, supported_nids,
sizeof(supported_nids)/sizeof(int), nid_cmp))
return 1;
return 0;
}

40
crypto/x509v3/x509v3.h
View file

@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void);
typedef void (*X509V3_EXT_FREE)(void *);
typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
typedef STACK_OF(CONF_VALUE) *
(*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
STACK_OF(CONF_VALUE) *extlist);
typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
struct v3_ext_ctx *ctx,
STACK_OF(CONF_VALUE) *values);
typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
struct v3_ext_ctx *ctx, const char *str);
typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
BIO *out, int indent);
typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
struct v3_ext_ctx *ctx, const char *str);
/* V3 extension structure */
@ -533,8 +540,8 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
DECLARE_ASN1_FUNCTIONS(OTHERNAME)
DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
@ -584,14 +591,15 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
int gen_type, char *value, int is_nc);
const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
int gen_type, char *value, int is_nc);
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf);
GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf);
GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
@ -644,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void);
X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
int X509V3_add_standard_extensions(void);
STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
void *X509V3_EXT_d2i(X509_EXTENSION *ext);

3
engines/Makefile
View file

@ -219,8 +219,7 @@ e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h
e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
e_capi.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h
e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h

4
ssl/d1_lib.c
View file

@ -175,9 +175,9 @@ void dtls1_clear(SSL *s)
* to explicitly list their SSL_* codes. Currently RC4 is the only one
* available, but if new ones emerge, they will have to be added...
*/
SSL_CIPHER *dtls1_get_cipher(unsigned int u)
const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
{
SSL_CIPHER *ciph = ssl3_get_cipher(u);
const SSL_CIPHER *ciph = ssl3_get_cipher(u);
if (ciph != NULL)
{

7
ssl/s23_lib.c
View file

@ -74,7 +74,7 @@ int ssl23_num_ciphers(void)
);
}
SSL_CIPHER *ssl23_get_cipher(unsigned int u)
const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
{
unsigned int uu=ssl3_num_ciphers();
@ -90,9 +90,10 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u)
/* This function needs to check if the ciphers required are actually
* available */
SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
{
SSL_CIPHER c,*cp;
SSL_CIPHER c;
const SSL_CIPHER *cp;
unsigned long id;
int n;

18
ssl/s2_lib.c
View file

@ -121,7 +121,7 @@ const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
/* list of available SSLv2 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
#if 0
/* NULL_WITH_MD5 v3 */
{
@ -303,7 +303,7 @@ int ssl2_num_ciphers(void)
return(SSL2_NUM_CIPHERS);
}
SSL_CIPHER *ssl2_get_cipher(unsigned int u)
const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
{
if (u < SSL2_NUM_CIPHERS)
return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
@ -412,20 +412,22 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
return(0);
}
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
ssl_cipher_id_cmp);
/* This function needs to check if the ciphers required are actually
* available */
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
{
SSL_CIPHER c,*cp;
SSL_CIPHER c;
const SSL_CIPHER *cp;
unsigned long id;
id=0x02000000L|((unsigned long)p[0]<<16L)|
((unsigned long)p[1]<<8L)|(unsigned long)p[2];
c.id=id;
cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
(char *)ssl2_ciphers,
SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
FP_ICC ssl_cipher_id_cmp);
cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers,
SSL2_NUM_CIPHERS, ssl_cipher_id_cmp);
if ((cp == NULL) || (cp->valid == 0))
return NULL;
else

6
ssl/s2_meth.c
View file

@ -71,9 +71,9 @@ static const SSL_METHOD *ssl2_get_method(int ver)
}
IMPLEMENT_ssl2_meth_func(SSLv2_method,
ssl2_accept,
ssl2_connect,
ssl2_get_method)
ssl2_accept,
ssl2_connect,
ssl2_get_method)
#else /* !OPENSSL_NO_SSL2 */

2
ssl/s2_srvr.c
View file

@ -366,7 +366,7 @@ static int get_client_master_key(SSL *s)
int is_export,i,n,keya,ek;
unsigned long len;
unsigned char *p;
SSL_CIPHER *cp;
const SSL_CIPHER *cp;
const EVP_CIPHER *c;
const EVP_MD *md;

2
ssl/s3_clnt.c
View file

@ -719,7 +719,7 @@ err:
int ssl3_get_server_hello(SSL *s)
{
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
const SSL_CIPHER *c;
unsigned char *p,*d;
int i,al,ok;
unsigned int j;

13
ssl/s3_lib.c
View file

@ -2101,7 +2101,7 @@ int ssl3_num_ciphers(void)
return(SSL3_NUM_CIPHERS);
}
SSL_CIPHER *ssl3_get_cipher(unsigned int u)
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
if (u < SSL3_NUM_CIPHERS)
return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@ -2786,17 +2786,16 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
/* This function needs to check if the ciphers required are actually
* available */
SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
SSL_CIPHER c,*cp;
SSL_CIPHER c;
const SSL_CIPHER *cp;
unsigned long id;
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
c.id=id;
cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
(char *)ssl3_ciphers,
SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
FP_ICC ssl_cipher_id_cmp);
cp = OBJ_bsearch(SSL_CIPHER, &c, SSL_CIPHER, ssl3_ciphers,
SSL3_NUM_CIPHERS, ssl_cipher_id_cmp);
if (cp == NULL || cp->valid == 0)
return NULL;
else

6
ssl/s3_meth.c
View file

@ -70,8 +70,8 @@ static const SSL_METHOD *ssl3_get_method(int ver)
}
IMPLEMENT_ssl3_meth_func(SSLv3_method,
ssl3_accept,
ssl3_connect,
ssl3_get_method)
ssl3_accept,
ssl3_connect,
ssl3_get_method)

8
ssl/ssl.h
View file

@ -401,11 +401,11 @@ typedef struct ssl_method_st
int (*ssl_dispatch_alert)(SSL *s);
long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
int (*ssl_pending)(const SSL *s);
int (*num_ciphers)(void);
SSL_CIPHER *(*get_cipher)(unsigned ncipher);
const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
const struct ssl_method_st *(*get_ssl_method)(int version);
long (*get_timeout)(void);
struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
@ -483,7 +483,7 @@ typedef struct ssl_session_st
int compress_meth; /* Need to lookup the method */
SSL_CIPHER *cipher;
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
* the 'cipher' structure */
@ -1431,7 +1431,7 @@ int SSL_clear(SSL *s);
void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);

2
ssl/ssl3.h
View file

@ -465,7 +465,7 @@ typedef struct ssl3_state_st
int message_type;
/* used to hold the new cipher we are going to use */
SSL_CIPHER *new_cipher;
const SSL_CIPHER *new_cipher;
#ifndef OPENSSL_NO_DH
DH *dh;
#endif

19
ssl/ssl_ciph.c
View file

@ -207,7 +207,7 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
typedef struct cipher_order_st
{
SSL_CIPHER *cipher;
const SSL_CIPHER *cipher;
int active;
int dead;
struct cipher_order_st *next,*prev;
@ -437,7 +437,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
{
int i;
SSL_CIPHER *c;
const SSL_CIPHER *c;
c=s->cipher;
if (c == NULL) return(0);
@ -682,7 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
int i, co_list_num;
SSL_CIPHER *c;
const SSL_CIPHER *c;
/*
* We have num_of_ciphers descriptions compiled in, depending on the
@ -745,7 +745,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
}
}
static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
int num_of_group_aliases,
unsigned long disabled_mkey, unsigned long disabled_auth,
unsigned long disabled_enc, unsigned long disabled_mac,
@ -753,7 +753,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
CIPHER_ORDER *head)
{
CIPHER_ORDER *ciph_curr;
SSL_CIPHER **ca_curr;
const SSL_CIPHER **ca_curr;
int i;
unsigned long mask_mkey = ~disabled_mkey;
unsigned long mask_auth = ~disabled_auth;
@ -823,7 +823,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
SSL_CIPHER *cp;
const SSL_CIPHER *cp;
int reverse = 0;
#ifdef CIPHER_DEBUG
@ -999,7 +999,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
SSL_CIPHER **ca_list)
const SSL_CIPHER **ca_list)
{
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *start, *buf;
@ -1258,7 +1258,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
SSL_CIPHER **ca_list = NULL;
const SSL_CIPHER **ca_list = NULL;
/*
* Return with error if nothing to do.
@ -1345,8 +1345,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list =
(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
if (ca_list == NULL)
{
OPENSSL_free(co_list);

10
ssl/ssl_lib.c
View file

@ -1348,7 +1348,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
STACK_OF(SSL_CIPHER) **skp)
{
SSL_CIPHER *c;
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
int i,n;
@ -1751,7 +1751,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
CERT_PKEY *cpk;
int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
@ -1963,7 +1963,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
{
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
@ -2109,7 +2109,7 @@ X509 *ssl_get_server_send_cert(SSL *s)
return(c->pkeys[i].x509);
}
EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
{
unsigned long alg_a;
CERT *c;
@ -2547,7 +2547,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
return(NULL);
}
SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
if ((s->session != NULL) && (s->session->cipher != NULL))
return(s->session->cipher);

24
ssl/ssl_locl.h
View file

@ -577,7 +577,7 @@ typedef struct ssl3_buf_freelist_entry_st
#endif
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
@ -784,6 +784,8 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
ssl_cipher_id_cmp);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
@ -803,9 +805,9 @@ int ssl_undefined_function(SSL *s);
int ssl_undefined_void_function(void);
int ssl_undefined_const_function(const SSL *s);
X509 *ssl_get_server_send_cert(SSL *);
EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
void ssl_load_ciphers(void);
@ -814,7 +816,7 @@ int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);
void ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
int ssl2_part_read(SSL *s, unsigned long f, int i);
int ssl2_do_write(SSL *s);
@ -822,7 +824,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
void ssl2_return_error(SSL *s,int reason);
void ssl2_write_error(SSL *s);
int ssl2_num_ciphers(void);
SSL_CIPHER *ssl2_get_cipher(unsigned int u);
const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
int ssl2_new(SSL *s);
void ssl2_free(SSL *s);
int ssl2_accept(SSL *s);
@ -839,7 +841,7 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
int ssl2_pending(const SSL *s);
long ssl2_default_timeout(void );
SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
void ssl3_init_finished_mac(SSL *s);
int ssl3_send_server_certificate(SSL *s);
@ -858,7 +860,7 @@ int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
int ssl3_num_ciphers(void);
SSL_CIPHER *ssl3_get_cipher(unsigned int u);
const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);
int ssl3_dispatch_alert(SSL *s);
@ -899,12 +901,12 @@ int ssl3_do_change_cipher_spec(SSL *ssl);
long ssl3_default_timeout(void );
int ssl23_num_ciphers(void );
SSL_CIPHER *ssl23_get_cipher(unsigned int u);
const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
int ssl23_read(SSL *s, void *buf, int len);
int ssl23_peek(SSL *s, void *buf, int len);
int ssl23_write(SSL *s, const void *buf, int len);
int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
long ssl23_default_timeout(void );
long tls1_default_timeout(void);
@ -934,7 +936,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
long dtls1_default_timeout(void);
SSL_CIPHER *dtls1_get_cipher(unsigned int u);
const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
/* some client-only functions */
@ -1020,7 +1022,7 @@ int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
#ifndef OPENSSL_NO_ECDH
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
#endif
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);

4
ssl/ssltest.c
View file

@ -317,7 +317,7 @@ static void sv_usage(void)
static void print_details(SSL *c_ssl, const char *prefix)
{
SSL_CIPHER *ciph;
const SSL_CIPHER *ciph;
X509 *cert;
ciph=SSL_get_current_cipher(c_ssl);
@ -2408,7 +2408,7 @@ static int do_test_cipherlist(void)
{
int i = 0;
const SSL_METHOD *meth;
SSL_CIPHER *ci, *tci = NULL;
const SSL_CIPHER *ci, *tci = NULL;
#ifndef OPENSSL_NO_SSL2
fprintf(stderr, "testing SSLv2 cipher list order: ");