diff --git a/CHANGES b/CHANGES index ecead77be9..0a087c149d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.8j and 0.9.9 [xx XXX xxxx] + *) Type-checked OBJ_bsearch. Also some constification necessitated + by type-checking. Still to come: TXT_DB, bsearch(?), + OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING, + CONF_VALUE. [Ben Laurie] + *) New function OPENSSL_gmtime_adj() to add a specific number of days and seconds to a tm structure directly, instead of going through OS specific date routines. This avoids any issues with OS routines such diff --git a/Configure b/Configure index aa396e00eb..77b13e4c7b 100755 --- a/Configure +++ b/Configure 
@@ -164,6 +164,7 @@ my %table=( "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", +"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", diff --git a/apps/s_client.c b/apps/s_client.c index 776196ef08..12e5c40b7d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1531,7 +1531,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) char buf[BUFSIZ]; STACK_OF(X509) *sk; STACK_OF(X509_NAME) *sk2; - SSL_CIPHER *c; + const SSL_CIPHER *c; X509_NAME *xn; int j,i; #ifndef OPENSSL_NO_COMP diff --git a/apps/s_server.c b/apps/s_server.c index 27e520a9f3..c95057a7f8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -2182,7 +2182,7 @@ static int www_body(char *hostname, int s, unsigned char *context) int ret=1; int i,j,k,blank,dot; SSL *con; - SSL_CIPHER *c; + const SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; long total_bytes; diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index ecf1d6004e..f0d5416660 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, const ASN1_STRING_TABLE * const *b); -static int table_cmp(const void *a, const void *b); /* This is the global mask for the mbstring functions: this is use to @@ -186,22 +185,25 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, return (*a)->nid - (*b)->nid; } -static int table_cmp(const void *a, const void *b) +DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp); + +static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) { - const ASN1_STRING_TABLE *sa = a, *sb = b; - return sa->nid - sb->nid; + return a->nid - b->nid; } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp); + ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) { int idx; ASN1_STRING_TABLE *ttmp; ASN1_STRING_TABLE fnd; fnd.nid = nid; - ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, - (char *)tbl_standard, - sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), - sizeof(ASN1_STRING_TABLE), table_cmp); + ttmp = OBJ_bsearch(ASN1_STRING_TABLE, &fnd, + ASN1_STRING_TABLE, tbl_standard, + sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), + table_cmp); if(ttmp) return ttmp; if(!stable) return NULL; idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 47cbdd28d0..300195bf95 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c 
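Review bot: `IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);` in a_strnid.c ends in a semicolon, but the macro in objects.h expands to a complete function definition, so the `;` becomes an empty declaration at file scope. The `DECLARE_OBJ_BSEARCH_CMP_FN(...);` line has the same extra `;`, because the macro's last declaration already ends in one. ISO C does not allow an empty file-scope declaration, and several debug targets in Configure build with `-pedantic -Werror`, so this may break those builds depending on the compiler. obj_dat.c and obj_xref.c already invoke IMPLEMENT without the semicolon; the ameth_lib.c, evp_pbe.c, pmeth_lib.c, x509_vpm.c and v3_lib.c hunks carry the same stray `;`. Dropping it after both macros would make every call site consistent.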
@@ -112,12 +112,18 @@ void main() } #endif +DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *, + const EVP_PKEY_ASN1_METHOD *, ameth_cmp); + static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a, - const EVP_PKEY_ASN1_METHOD * const *b) + const EVP_PKEY_ASN1_METHOD * const *b) { return ((*a)->pkey_id - (*b)->pkey_id); } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *, + const EVP_PKEY_ASN1_METHOD *, ameth_cmp); + int EVP_PKEY_asn1_get_count(void) { int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *); @@ -139,7 +145,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx) static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) { - EVP_PKEY_ASN1_METHOD tmp, *t = &tmp, **ret; + EVP_PKEY_ASN1_METHOD tmp, *t = &tmp; + const EVP_PKEY_ASN1_METHOD **ret; tmp.pkey_id = type; if (app_methods) { @@ -148,11 +155,11 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) if (idx >= 0) return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); } - ret = (EVP_PKEY_ASN1_METHOD **) OBJ_bsearch((char *)&t, - (char *)standard_methods, - sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *), - sizeof(EVP_PKEY_ASN1_METHOD *), - (int (*)(const void *, const void *))ameth_cmp); + ret = OBJ_bsearch(EVP_PKEY_ASN1_METHOD *, &t, + const EVP_PKEY_ASN1_METHOD *, standard_methods, + sizeof(standard_methods) + /sizeof(EVP_PKEY_ASN1_METHOD *), + ameth_cmp); if (!ret || !*ret) return NULL; return *ret; diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 8fecd34221..7d6a50266a 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c 
@@ -189,10 +189,10 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, return 1; } -static int pbe_cmp2(const void *a, const void *b) +DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2); + +static int pbe_cmp2(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2) { - const EVP_PBE_CTL *pbe1 = a; - const EVP_PBE_CTL *pbe2 = b; int ret = pbe1->pbe_type - pbe2->pbe_type; if (ret) return ret; @@ -200,6 +200,8 @@ static int pbe_cmp2(const void *a, const void *b) return pbe1->pbe_nid - pbe2->pbe_nid; } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2); + static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b) { int ret = (*a)->pbe_type - (*b)->pbe_type; @@ -269,11 +271,10 @@ int EVP_PBE_find(int type, int pbe_nid, } if (pbetmp == NULL) { - pbetmp = (EVP_PBE_CTL *) OBJ_bsearch((char *)&pbelu, - (char *)builtin_pbe, - sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL), - sizeof(EVP_PBE_CTL), - pbe_cmp2); + pbetmp = OBJ_bsearch(EVP_PBE_CTL, &pbelu, + EVP_PBE_CTL, builtin_pbe, + sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL), + pbe_cmp2); } if (pbetmp == NULL) return 0; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 765a6c07db..3fd11cbb5a 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -84,15 +84,22 @@ static const EVP_PKEY_METHOD *standard_methods[] = &hmac_pkey_meth, }; +DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, + pmeth_cmp); + static int pmeth_cmp(const EVP_PKEY_METHOD * const *a, - const EVP_PKEY_METHOD * const *b) + const EVP_PKEY_METHOD * const *b) { return ((*a)->pkey_id - (*b)->pkey_id); } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, + pmeth_cmp); + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) { - EVP_PKEY_METHOD tmp, *t = &tmp, **ret; + EVP_PKEY_METHOD tmp, *t = &tmp; + const EVP_PKEY_METHOD **ret; tmp.pkey_id = type; if (app_pkey_methods) { 
@@ -101,11 +108,10 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) if (idx >= 0) return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); } - ret = (EVP_PKEY_METHOD **) OBJ_bsearch((char *)&t, - (char *)standard_methods, - sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *), - sizeof(EVP_PKEY_METHOD *), - (int (*)(const void *, const void *))pmeth_cmp); + ret = OBJ_bsearch(EVP_PKEY_METHOD *, &t, + const EVP_PKEY_METHOD *, standard_methods, + sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *), + pmeth_cmp); if (!ret || !*ret) return NULL; return *ret; diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index db88f5f980..acb6bcfb06 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -81,9 +81,10 @@ static const unsigned int ln_objs[1]; static const unsigned int obj_objs[1]; #endif -static int sn_cmp(const void *a, const void *b); -static int ln_cmp(const void *a, const void *b); -static int obj_cmp(const void *a, const void *b); +DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp); +DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp); +DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp); + #define ADDED_DATA 0 #define ADDED_SNAME 1 #define ADDED_LNAME 2 
@@ -99,19 +100,15 @@ DECLARE_LHASH_OF(ADDED_OBJ); static int new_nid=NUM_NID; static LHASH_OF(ADDED_OBJ) *added=NULL; -static int sn_cmp(const void *a, const void *b) - { - const ASN1_OBJECT * const *ap = a; - const unsigned int *bp = b; - return(strcmp((*ap)->sn,nid_objs[*bp].sn)); - } +static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) + { return(strcmp((*a)->sn,nid_objs[*b].sn)); } -static int ln_cmp(const void *a, const void *b) - { - const ASN1_OBJECT * const *ap = a; - const unsigned int *bp = b; - return(strcmp((*ap)->ln,nid_objs[*bp].ln)); - } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp) + +static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) + { return(strcmp((*a)->ln,nid_objs[*b].ln)); } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp) static unsigned long added_obj_hash(const ADDED_OBJ *ca) { @@ -385,6 +382,19 @@ const char *OBJ_nid2ln(int n) } } +static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp) + { + int j; + const ASN1_OBJECT *a= *ap; + const ASN1_OBJECT *b= &nid_objs[*bp]; + + j=(a->length - b->length); + if (j) return(j); + return(memcmp(a->data,b->data,a->length)); + } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp) + int OBJ_obj2nid(const ASN1_OBJECT *a) { const unsigned int *op; @@ -402,8 +412,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(const unsigned int *)OBJ_bsearch((const char *)&a,(const char *)obj_objs, - NUM_OBJ, sizeof(obj_objs[0]),obj_cmp); + op=OBJ_bsearch(const ASN1_OBJECT *, &a, const unsigned int, obj_objs, + NUM_OBJ, obj_cmp); if (op == NULL) return(NID_undef); return(nid_objs[*op].nid); @@ -625,7 +635,8 @@ int OBJ_txt2nid(const char *s) int OBJ_ln2nid(const char *s) { - ASN1_OBJECT o,*oo= &o; + ASN1_OBJECT o; + const ASN1_OBJECT *oo= &o; ADDED_OBJ ad,*adp; const unsigned int *op; 
@@ -637,15 +648,16 @@ int OBJ_ln2nid(const char *s) adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(const unsigned int*)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN, - sizeof(ln_objs[0]),ln_cmp); + op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, ln_objs, + NUM_LN, ln_cmp); if (op == NULL) return(NID_undef); return(nid_objs[*op].nid); } int OBJ_sn2nid(const char *s) { - ASN1_OBJECT o,*oo= &o; + ASN1_OBJECT o; + const ASN1_OBJECT *oo= &o; ADDED_OBJ ad,*adp; const unsigned int *op; @@ -657,32 +669,22 @@ int OBJ_sn2nid(const char *s) adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(const unsigned int *)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, - sizeof(sn_objs[0]),sn_cmp); + op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, sn_objs, + NUM_SN, sn_cmp); if (op == NULL) return(NID_undef); return(nid_objs[*op].nid); } -static int obj_cmp(const void *ap, const void *bp) - { - int j; - const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap; - const ASN1_OBJECT *b= &nid_objs[*((const unsigned int *)bp)]; - - j=(a->length - b->length); - if (j) return(j); - return(memcmp(a->data,b->data,a->length)); - } - -const char *OBJ_bsearch(const char *key, const char *base, int num, int size, - int (*cmp)(const void *, const void *)) +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp)(const void *, const void *)) { return OBJ_bsearch_ex(key, base, num, size, cmp, 0); } -const char *OBJ_bsearch_ex(const char *key, const char *base, int num, +const void *OBJ_bsearch_ex(const void *key, const void *base_, int num, int size, int (*cmp)(const void *, const void *), int flags) { + const char *base=base_; int l,h,i=0,c=0; const char *p = NULL; diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index 4ebaa1cc6a..3e85e7a576 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c 
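Review bot: `OBJ_bsearch_()` and `OBJ_bsearch_ex()` can still be called directly with any `const void *` and any comparator, so the new type checking applies only to callers that go through the `OBJ_bsearch` macro, and nothing at the definition says so. A comment above `OBJ_bsearch_` would record that, for example `/* Untyped worker for the OBJ_bsearch() macro; call the macro so key, base and cmp are type-checked. */`. The old five-argument `OBJ_bsearch()` function also disappears from the exported API, which the CHANGES entry could state for external callers. `OBJ_bsearch_ex` continues past the end of the hunk.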
@@ -64,28 +64,35 @@ STACK_OF(nid_triple) *sig_app, *sigx_app; static int cmp_sig(const nid_triple *a, const nid_triple *b) { - return **a - **b; + return a->sign_id - b->sign_id; } +DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig) + static int cmp_sig_sk(const nid_triple * const *a, const nid_triple * const *b) { - return ***a - ***b; + return (*a)->sign_id - (*b)->sign_id; } +DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx); + static int cmp_sigx(const nid_triple * const *a, const nid_triple * const *b) { int ret; - ret = (**a)[1] - (**b)[1]; + ret = (*a)->hash_id - (*b)->hash_id; if (ret) return ret; - return (**a)[2] - (**b)[2]; + return (*a)->pkey_id - (*b)->pkey_id; } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx) int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) { - nid_triple tmp, *rv = NULL; - tmp[0] = signid; + nid_triple tmp; + const nid_triple *rv = NULL; + tmp.sign_id = signid; if (sig_app) { @@ -97,25 +104,27 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) #ifndef OBJ_XREF_TEST2 if (rv == NULL) { - rv = (nid_triple *)OBJ_bsearch((char *)&tmp, - (char *)sigoid_srt, - sizeof(sigoid_srt) / sizeof(nid_triple), - sizeof(nid_triple), - (int (*)(const void *, const void *))cmp_sig); + rv = OBJ_bsearch(const nid_triple,&tmp, + const nid_triple,sigoid_srt, + sizeof(sigoid_srt) / sizeof(nid_triple), + cmp_sig); } #endif if (rv == NULL) return 0; - *pdig_nid = (*rv)[1]; - *ppkey_nid = (*rv)[2]; + *pdig_nid = rv->hash_id; + *ppkey_nid = rv->pkey_id; return 1; } int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) { - nid_triple tmp, *t=&tmp, **rv = NULL; - tmp[1] = dig_nid; - tmp[2] = pkey_nid; + nid_triple tmp; + const nid_triple const *t=&tmp; + const nid_triple **rv = NULL; + + tmp.hash_id = dig_nid; + tmp.pkey_id = pkey_nid; if (sigx_app) { 
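Review bot: `const nid_triple const *t=&tmp;` in OBJ_find_sigid_by_algs repeats `const` on the same type, which C99 accepts as a no-op but C90 rejects, and it reads as if the pointer itself were meant to be const. Since `&t` is passed to `OBJ_bsearch` as a `const nid_triple *` key, the declaration the call needs is `const nid_triple *t=&tmp;`. `tmp` is left with `sign_id` unset here, and with `hash_id`/`pkey_id` unset in OBJ_find_sigid_algs. That is safe only while `cmp_sigx` and `cmp_sig` read just the fields that were set, which a short comment at each `tmp` would record. The function body continues outside the hunk.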
@@ -130,16 +139,15 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) #ifndef OBJ_XREF_TEST2 if (rv == NULL) { - rv = (nid_triple **)OBJ_bsearch((char *)&t, - (char *)sigoid_srt_xref, - sizeof(sigoid_srt_xref) / sizeof(nid_triple *), - sizeof(nid_triple *), - (int (*)(const void *, const void *))cmp_sigx); + rv = OBJ_bsearch(const nid_triple *,&t, + const nid_triple *,sigoid_srt_xref, + sizeof(sigoid_srt_xref) / sizeof(nid_triple *), + cmp_sigx); } #endif if (rv == NULL) return 0; - *psignid = (**rv)[0]; + *psignid = (*rv)->sign_id; return 1; } @@ -157,9 +165,9 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id) ntr = OPENSSL_malloc(sizeof(int) * 3); if (!ntr) return 0; - (*ntr)[0] = signid; - (*ntr)[1] = dig_id; - (*ntr)[2] = pkey_id; + ntr->sign_id = signid; + ntr->hash_id = dig_id; + ntr->pkey_id = pkey_id; if (!sk_nid_triple_push(sig_app, ntr)) { diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h deleted file mode 100644 index c139d3a8e2..0000000000 --- a/crypto/objects/obj_xref.h +++ /dev/null 
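Review bot: `ntr = OPENSSL_malloc(sizeof(int) * 3);` still sizes the allocation for the old `int[3]` typedef, although the lines below it now write `ntr->sign_id`, `ntr->hash_id` and `ntr->pkey_id` through a struct pointer. The two sizes agree only while the struct holds exactly three ints with no padding (its definition is not in this hunk); a later field would make these stores run past the allocation. Tie the size to the object instead: `ntr = OPENSSL_malloc(sizeof(*ntr));`. OBJ_add_sigid begins and ends outside the hunk.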
@@ -1,69 +0,0 @@ - -typedef int nid_triple[3]; - -static const nid_triple sigoid_srt[] = - { - {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, - {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, - {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, - {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, - {NID_dsaWithSHA, NID_sha, NID_dsa}, - {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, - {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, - {NID_md5WithRSA, NID_md5, NID_rsa}, - {NID_dsaWithSHA1, NID_sha1, NID_dsa}, - {NID_sha1WithRSA, NID_sha1, NID_rsa}, - {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, - {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, - {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, - {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, - {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, - {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, - {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, - {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, - {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, - {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, - {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001}, - {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94}, - {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc}, - {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc}, - }; - -static const nid_triple * const sigoid_srt_xref[] = - { - &sigoid_srt[17], - &sigoid_srt[18], - &sigoid_srt[0], - &sigoid_srt[1], - 
&sigoid_srt[7], - &sigoid_srt[2], - &sigoid_srt[4], - &sigoid_srt[3], - &sigoid_srt[9], - &sigoid_srt[5], - &sigoid_srt[8], - &sigoid_srt[12], - &sigoid_srt[6], - &sigoid_srt[10], - &sigoid_srt[11], - &sigoid_srt[13], - &sigoid_srt[24], - &sigoid_srt[20], - &sigoid_srt[14], - &sigoid_srt[21], - &sigoid_srt[15], - &sigoid_srt[22], - &sigoid_srt[16], - &sigoid_srt[23], - &sigoid_srt[19], - &sigoid_srt[25], - &sigoid_srt[26], - &sigoid_srt[27], - &sigoid_srt[28], - }; - diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index 7d8cdc97c3..7dc1bf5f00 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h 
@@ -1011,10 +1011,68 @@ int OBJ_txt2nid(const char *s); int OBJ_ln2nid(const char *s); int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); -const char * OBJ_bsearch(const char *key,const char *base,int num,int size, - int (*cmp)(const void *, const void *)); -const char * OBJ_bsearch_ex(const char *key,const char *base,int num, - int size, int (*cmp)(const void *, const void *), int flags); +const void * OBJ_bsearch_(const void *key,const void *base,int num,int size, + int (*cmp)(const void *, const void *)); +const void * OBJ_bsearch_ex(const void *key,const void *base,int num, + int size, int (*cmp)(const void *, const void *), + int flags); + +#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp) \ + scope type1 *cmp##_type_1; \ + scope type2 *cmp##_type_2; \ + scope int cmp##_BSEARCH_CMP_FN(const void *, const void *); \ + scope int cmp(const type1 const *, const type2 const *); + +#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp) + +/* + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignement discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, delcare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. 
+ * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ +#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp) \ + scope int cmp##_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + const type1 const *a = a_; \ + const type2 const *b = b_; \ + return cmp(a,b); \ + } + +#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \ + _IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp) + +#define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + (cmp##_type_1=CHECKED_PTR_OF(type1,cmp##_type_1), \ + cmp##_type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl index 0dd360b5b0..4a42924c56 100644 --- a/crypto/objects/objxref.pl +++ b/crypto/objects/objxref.pl @@ -50,8 +50,14 @@ my @srt2 = sort print <name, b->name); } +DECLARE_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM, + table_cmp); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM, + table_cmp); + static int param_cmp(const X509_VERIFY_PARAM * const *a, const X509_VERIFY_PARAM * const *b) { @@ -397,6 +402,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) { int idx; X509_VERIFY_PARAM pm; + pm.name = (char *)name; if (param_table) { 
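Review bot: Every expansion of `OBJ_bsearch` in objects.h stores into the file-scope variables `cmp##_type_1` and `cmp##_type_2` at run time, although the two assignments exist only so the compiler checks `type1`/`type2` against the DECLARE. Each lookup therefore writes to shared statics, which is an unsynchronised write when lookups run on several threads, even though the value never changes. Putting the check in an unevaluated operand keeps the type check without the store, e.g. `(void)sizeof(cmp##_type_1=CHECKED_PTR_OF(type1,cmp##_type_1)),` (CHECKED_PTR_OF is defined outside this hunk, so confirm it still diagnoses a mismatch there). The helper names `_DECLARE_OBJ_BSEARCH_CMP_FN` and `_IMPLEMENT_OBJ_BSEARCH_CMP_FN` begin with an underscore and a capital letter, which C reserves for the implementation.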
@@ -404,11 +410,10 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) if (idx != -1) return sk_X509_VERIFY_PARAM_value(param_table, idx); } - return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm, - (char *)&default_table, - sizeof(default_table)/sizeof(X509_VERIFY_PARAM), - sizeof(X509_VERIFY_PARAM), - table_cmp); + return OBJ_bsearch(const X509_VERIFY_PARAM, &pm, + const X509_VERIFY_PARAM, default_table, + sizeof(default_table)/sizeof(X509_VERIFY_PARAM), + table_cmp); } void X509_VERIFY_PARAM_table_cleanup(void) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 59837a44be..22a390ab46 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -73,7 +73,7 @@ extern X509V3_EXT_METHOD v3_addr, v3_asid; * order of the ext_nid values. */ -static X509V3_EXT_METHOD *standard_exts[] = { +static const X509V3_EXT_METHOD *standard_exts[] = { &v3_nscert, &v3_ns_ia5_list[0], &v3_ns_ia5_list[1], diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 2c2d6c4442..55b44848cd 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -392,8 +392,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) } -GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { GENERAL_NAME *gen; GENERAL_NAMES *gens = NULL; 
@@ -414,15 +414,15 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, return NULL; } -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf) +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf) { return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); } GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - int gen_type, char *value, int is_nc) + const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + int gen_type, char *value, int is_nc) { char is_string = 0; GENERAL_NAME *gen = NULL; @@ -518,8 +518,8 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, } GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf, int is_nc) + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) { int type; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index e654ae7e1e..df3b991fe5 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -72,8 +72,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); static char *conf_lhash_get_string(void *db, char *section, char *value); static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc); +static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, + int crit, void *ext_struc); static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); /* CONF *conf: Config file */ /* char *name: Name */ 
@@ -115,7 +115,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value) { - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; @@ -172,7 +172,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, } -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, +static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc) { unsigned char *ext_der; @@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) { - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; if (!(method = X509V3_EXT_get_nid(ext_nid))) { X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); return NULL; diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 17a1fbf62c..c5e616cacc 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -63,10 +63,10 @@ #include #include -static void *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent); +static void *v2i_crld(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, + int indent); const X509V3_EXT_METHOD v3_crld = { @@ -308,8 +308,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, return NULL; } -static void *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_crld(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { STACK_OF(DIST_POINT) *crld = NULL; GENERAL_NAMES *gens = NULL; 
@@ -426,10 +426,10 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) -static int i2r_idp(X509V3_EXT_METHOD *method, - void *pidp, BIO *out, int indent); -static void *v2i_idp(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, + int indent); +static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); const X509V3_EXT_METHOD v3_idp = { @@ -443,8 +443,8 @@ const X509V3_EXT_METHOD v3_idp = NULL }; -static void *v2i_idp(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { ISSUING_DIST_POINT *idp = NULL; CONF_VALUE *cnf; @@ -535,7 +535,8 @@ static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) return 1; } -static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) +static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, + int indent) { ISSUING_DIST_POINT *idp = pidp; if (idp->distpoint) @@ -559,8 +560,8 @@ static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) return 1; } -static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent) +static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, + int indent) { STACK_OF(DIST_POINT) *crld = pcrldp; DIST_POINT *point; diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c index a4efe0031e..4e968b9e1d 100644 --- a/crypto/x509v3/v3_extku.c +++ b/crypto/x509v3/v3_extku.c 
@@ -63,9 +63,10 @@ #include #include -static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist); const X509V3_EXT_METHOD v3_ext_ku = { @@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *ext_list) +static STACK_OF(CONF_VALUE) * + i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *ext_list) { EXTENDED_KEY_USAGE *eku = a; int i; @@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, return ext_list; } -static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { EXTENDED_KEY_USAGE *extku; char *extval; diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index f3015ea610..3ad5b29afc 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c 
@@ -84,20 +84,26 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext) } static int ext_cmp(const X509V3_EXT_METHOD * const *a, - const X509V3_EXT_METHOD * const *b) + const X509V3_EXT_METHOD * const *b) { return ((*a)->ext_nid - (*b)->ext_nid); } -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) +DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, + ext_cmp); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, + const X509V3_EXT_METHOD *, ext_cmp); + +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { - X509V3_EXT_METHOD tmp, *t = &tmp, **ret; + X509V3_EXT_METHOD tmp; + const X509V3_EXT_METHOD *t = &tmp, * const *ret; int idx; if(nid < 0) return NULL; tmp.ext_nid = nid; - ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, - (char *)standard_exts, STANDARD_EXTENSION_COUNT, - sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp); + ret = OBJ_bsearch(const X509V3_EXT_METHOD *, &t, + const X509V3_EXT_METHOD *, standard_exts, + STANDARD_EXTENSION_COUNT, ext_cmp); if(ret) return *ret; if(!ext_list) return NULL; idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); @@ -105,7 +111,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) return sk_X509V3_EXT_METHOD_value(ext_list, idx); } -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) { int nid; if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; @@ -122,7 +128,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) int X509V3_EXT_add_alias(int nid_to, int nid_from) { - X509V3_EXT_METHOD *ext, *tmpext; + const X509V3_EXT_METHOD *ext; + X509V3_EXT_METHOD *tmpext; + if(!(ext = X509V3_EXT_get_nid(nid_from))) { X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); return 0; 
@@ -161,7 +169,7 @@ int X509V3_add_standard_extensions(void) void *X509V3_EXT_d2i(X509_EXTENSION *ext) { - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; const unsigned char *p; if(!(method = X509V3_EXT_get(ext))) return NULL; diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 9a99cb2fa0..452437da48 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -63,13 +63,13 @@ #include #include -static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind); -static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name); +static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); @@ -106,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) -static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { int i; CONF_VALUE tval, *val; @@ -162,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, -static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *a, BIO *bp, int ind) +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + BIO *bp, int ind) { NAME_CONSTRAINTS *ncons = a; do_i2r_name_constraints(method, ncons->permittedSubtrees, 
@@ -173,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, return 1; } -static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name) +static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name) { GENERAL_SUBTREE *tree; int i; diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c index 62aac06335..ac1fee6987 100644 --- a/crypto/x509v3/v3_ocsp.c +++ b/crypto/x509v3/v3_ocsp.c 
@@ -68,19 +68,26 @@ /* OCSP extensions and a couple of CRL entry extensions */ -static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); -static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); -static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent); +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, + int indent); static void *ocsp_nonce_new(void); static int i2d_ocsp_nonce(void *a, unsigned char **pp); static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); static void ocsp_nonce_free(void *a); -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); -static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); -static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, + void *nocheck, BIO *out, int indent); +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str); +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind); const X509V3_EXT_METHOD v3_ocsp_crlid = { NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), @@ -148,7 +155,8 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = { NULL }; -static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, + int ind) { OCSP_CRLID *a = in; if (a->crlUrl) 
@@ -174,7 +182,8 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) return 0; } -static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind) +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, + BIO *bp, int ind) { if (!BIO_printf(bp, "%*s", ind, "")) return 0; if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; @@ -182,7 +191,8 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, in } -static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) +static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, + int ind) { if (!BIO_printf(bp, "%*s", ind, "")) return 0; if(!i2a_ASN1_OBJECT(bp, oid)) return 0; @@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a) M_ASN1_OCTET_STRING_free(a); } -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent) { if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; @@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int /* Nocheck is just a single NULL. Don't print anything and always set it */ -static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent) +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, + BIO *out, int indent) { return 1; } -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str) { return ASN1_NULL_new(); } -static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind) { int i; OCSP_SERVICELOC *a = in; 
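Review bot: In crypto/x509v3/v3_ocsp.c, i2r_ocsp_acutoff (hunk @@ -174) and i2r_object (hunk @@ -182) test the indent write with `if (!BIO_printf(bp, "%*s", ind, "")) return 0;`, which lets a BIO_printf error return of -1 pass as success. i2r_ocsp_nonce in the @@ -232 hunk already compares with `<= 0`. Using the same form in both places, `if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;`, would catch the error case without changing the result for the values the current check already rejects. Both function bodies continue past the end of their hunks, so any later calls in them are not covered by this note.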
diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c index 13248c2ada..a14aa306ec 100644 --- a/crypto/x509v3/v3_pcons.c +++ b/crypto/x509v3/v3_pcons.c @@ -64,10 +64,12 @@ #include #include -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *bcons, STACK_OF(CONF_VALUE) *extlist); -static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, + STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD v3_policy_constraints = { NID_policy_constraints, 0, @@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *extlist) +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *extlist) { POLICY_CONSTRAINTS *pcons = a; X509V3_add_value_int("Require Explicit Policy", @@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, return extlist; } -static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { POLICY_CONSTRAINTS *pcons=NULL; CONF_VALUE *val; diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index 626303264f..bac5a5071d 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c 
@@ -63,10 +63,11 @@ #include #include -static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - void *pmps, STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) * +i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps, + STACK_OF(CONF_VALUE) *extlist); const X509V3_EXT_METHOD v3_policy_mappings = { NID_policy_mappings, 0, @@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *ext_list) +static STACK_OF(CONF_VALUE) * +i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *ext_list) { POLICY_MAPPINGS *pmaps = a; POLICY_MAPPING *pmap; @@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, return ext_list; } -static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { POLICY_MAPPINGS *pmaps; POLICY_MAPPING *pmap; diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 20bd9bda19..feb57684f2 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde void *ext_str = NULL; char *value = NULL; const unsigned char *p; - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; STACK_OF(CONF_VALUE) *nval = NULL; int ok = 1; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 1ca370dc0b..a5d9805ce4 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c 
@@ -267,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp) return xp->trust; } -static int nid_cmp(int *a, int *b) +static int nid_cmp(const int *a, const int *b) { return *a - *b; } +DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp); + int X509_supported_extension(X509_EXTENSION *ex) { /* This table is a list of the NIDs of supported extensions: @@ -282,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex) * searched using bsearch. */ - static int supported_nids[] = { + static const int supported_nids[] = { NID_netscape_cert_type, /* 71 */ NID_key_usage, /* 83 */ NID_subject_alt_name, /* 85 */ @@ -300,16 +303,13 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_inhibit_any_policy /* 748 */ }; - int ex_nid; - - ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); + const int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); if (ex_nid == NID_undef) return 0; - if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, - sizeof(supported_nids)/sizeof(int), sizeof(int), - (int (*)(const void *, const void *))nid_cmp)) + if (OBJ_bsearch(int, &ex_nid, int, supported_nids, + sizeof(supported_nids)/sizeof(int), nid_cmp)) return 1; return 0; } diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 22b1b7fe39..460a04077c 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h 
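Review bot: In X509_supported_extension (crypto/x509v3/v3_purp.c, hunk @@ -300), the element count passed to the new type-checked call is still `sizeof(supported_nids)/sizeof(int)`, which repeats the element type by hand. `sizeof(supported_nids)/sizeof(supported_nids[0])` would keep the count tied to the table itself if its type ever changes. The lookup also depends on supported_nids staying in ascending NID order, as the existing comment says. Nothing in the visible code checks that, so a misplaced entry would make a supported extension look unsupported.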
@@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void); typedef void (*X509V3_EXT_FREE)(void *); typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); -typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); -typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); -typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); -typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); -typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext); +typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); /* V3 extension structure */ 
@@ -533,8 +540,8 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); -GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) @@ -584,14 +591,15 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - int gen_type, char *value, int is_nc); + const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + int gen_type, char *value, int is_nc); #ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf); -GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); @@ -644,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); int X509V3_EXT_add_alias(int nid_to, int nid_from); void X509V3_EXT_cleanup(void); -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); 
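Review bot: In crypto/x509v3/x509v3.h (hunk @@ -533), `i2v_GENERAL_NAMES` keeps its `X509V3_EXT_METHOD *method` parameter, while `v2i_GENERAL_NAMES` directly below it and the `X509V3_EXT_I2V` typedef in the @@ -76 hunk now take a const method pointer. If i2v_GENERAL_NAMES is installed in an extension method table through a cast (not visible in this part of the diff), it would be called through a function-pointer type that no longer matches its definition. Declaring it as `STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(const X509V3_EXT_METHOD *method,`, with the matching change at its definition, would keep the set consistent. The changed callback typedefs are in a public header, so external code that defines its own X509V3_EXT_METHOD callbacks with the old signatures will need the same update.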
diff --git a/engines/Makefile b/engines/Makefile index fdf8774336..1cdfb2625d 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -219,8 +219,7 @@ e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -e_capi.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d9486916f2..bd28b75e84 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -175,9 +175,9 @@ void dtls1_clear(SSL *s) * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ -SSL_CIPHER *dtls1_get_cipher(unsigned int u) +const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { - SSL_CIPHER *ciph = ssl3_get_cipher(u); + const SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) { diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 88fb564a2b..e3fce53430 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -74,7 +74,7 @@ int ssl23_num_ciphers(void) ); } -SSL_CIPHER *ssl23_get_cipher(unsigned int u) +const SSL_CIPHER *ssl23_get_cipher(unsigned int u) { unsigned int uu=ssl3_num_ciphers(); @@ -90,9 +90,10 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u) /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; int n; 
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 25148d3397..d93a2c797f 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -121,7 +121,7 @@ const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) /* list of available SSLv2 ciphers (sorted by id) */ -OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ +OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={ #if 0 /* NULL_WITH_MD5 v3 */ { @@ -303,7 +303,7 @@ int ssl2_num_ciphers(void) return(SSL2_NUM_CIPHERS); } -SSL_CIPHER *ssl2_get_cipher(unsigned int u) +const SSL_CIPHER *ssl2_get_cipher(unsigned int u) { if (u < SSL2_NUM_CIPHERS) return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); @@ -412,20 +412,22 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return(0); } +IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER, + ssl_cipher_id_cmp); + /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; id=0x02000000L|((unsigned long)p[0]<<16L)| ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; - cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, - (char *)ssl2_ciphers, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), - FP_ICC ssl_cipher_id_cmp); + cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers, + SSL2_NUM_CIPHERS, ssl_cipher_id_cmp); if ((cp == NULL) || (cp->valid == 0)) return NULL; else diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index 2bffa78ff4..f0e8ca593d 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c @@ -71,9 +71,9 @@ static const SSL_METHOD *ssl2_get_method(int ver) } IMPLEMENT_ssl2_meth_func(SSLv2_method, - ssl2_accept, - ssl2_connect, - ssl2_get_method) + ssl2_accept, + ssl2_connect, + ssl2_get_method) #else /* !OPENSSL_NO_SSL2 */ 
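Review bot: In ssl/s2_lib.c (hunk @@ -412), `IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER, ssl_cipher_id_cmp);` puts the only visible implementation of the shared comparator wrapper in the SSLv2 source file, although ssl3_get_cipher_by_char in ssl/s3_lib.c uses the same comparator through OBJ_bsearch. If the body of s2_lib.c is compiled out when OPENSSL_NO_SSL2 is defined (the guard is not visible in this hunk, but s2_meth.c in the same diff has a `!OPENSSL_NO_SSL2` branch), an SSLv2-less build would presumably lose the wrapper that the SSLv3/TLS lookup needs. Moving the IMPLEMENT line next to the definition of ssl_cipher_id_cmp, in a file that is always built, would remove that dependency.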
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 6490d0bf1b..b43a046aa6 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -366,7 +366,7 @@ static int get_client_master_key(SSL *s) int is_export,i,n,keya,ek; unsigned long len; unsigned char *p; - SSL_CIPHER *cp; + const SSL_CIPHER *cp; const EVP_CIPHER *c; const EVP_MD *md; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e339dbc431..aae133429c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -719,7 +719,7 @@ err: int ssl3_get_server_hello(SSL *s) { STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; + const SSL_CIPHER *c; unsigned char *p,*d; int i,al,ok; unsigned int j; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f09238f187..7e896997b2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2101,7 +2101,7 @@ int ssl3_num_ciphers(void) return(SSL3_NUM_CIPHERS); } -SSL_CIPHER *ssl3_get_cipher(unsigned int u) +const SSL_CIPHER *ssl3_get_cipher(unsigned int u) { if (u < SSL3_NUM_CIPHERS) return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); @@ -2786,17 +2786,16 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; c.id=id; - cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, - (char *)ssl3_ciphers, - SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), - FP_ICC ssl_cipher_id_cmp); + cp = OBJ_bsearch(SSL_CIPHER, &c, SSL_CIPHER, ssl3_ciphers, + SSL3_NUM_CIPHERS, ssl_cipher_id_cmp); if (cp == NULL || cp->valid == 0) return NULL; else diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c index 6b39ce89f6..cdddb17b62 100644 --- a/ssl/s3_meth.c +++ b/ssl/s3_meth.c 
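Review bot: In ssl3_get_cipher_by_char (ssl/s3_lib.c, hunk @@ -2786), the call passes `SSL_CIPHER` as both type arguments, while the wrapper is declared in ssl_locl.h and implemented in s2_lib.c for `const SSL_CIPHER`, and the SSLv2 call uses `const SSL_CIPHER`. Writing `cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl3_ciphers,` would keep the three places in step. Relatedly, the ssl_locl.h hunk @@ -577 leaves `OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];` without const. The SSLv3 table therefore stays writable even though every getter now returns a const pointer into it; making it const like ssl2_ciphers would let the compiler place it in read-only data.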
@@ -70,8 +70,8 @@ static const SSL_METHOD *ssl3_get_method(int ver) } IMPLEMENT_ssl3_meth_func(SSLv3_method, - ssl3_accept, - ssl3_connect, - ssl3_get_method) + ssl3_accept, + ssl3_connect, + ssl3_get_method) diff --git a/ssl/ssl.h b/ssl/ssl.h index d3fdccdf89..f23f24b737 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -401,11 +401,11 @@ typedef struct ssl_method_st int (*ssl_dispatch_alert)(SSL *s); long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); - SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); + const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); int (*ssl_pending)(const SSL *s); int (*num_ciphers)(void); - SSL_CIPHER *(*get_cipher)(unsigned ncipher); + const SSL_CIPHER *(*get_cipher)(unsigned ncipher); const struct ssl_method_st *(*get_ssl_method)(int version); long (*get_timeout)(void); struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ @@ -483,7 +483,7 @@ typedef struct ssl_session_st int compress_meth; /* Need to lookup the method */ - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this * needs to be used to load * the 'cipher' structure */ @@ -1431,7 +1431,7 @@ int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); -SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 646a8e6cce..56f17f66d3 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -465,7 +465,7 @@ typedef struct ssl3_state_st int message_type; /* used to hold the new cipher we are going to use */ - SSL_CIPHER *new_cipher; + const SSL_CIPHER *new_cipher; #ifndef OPENSSL_NO_DH DH *dh; #endif 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c31d6e0c78..e60a490a52 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -207,7 +207,7 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ typedef struct cipher_order_st { - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; int active; int dead; struct cipher_order_st *next,*prev; @@ -437,7 +437,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) { int i; - SSL_CIPHER *c; + const SSL_CIPHER *c; c=s->cipher; if (c == NULL) return(0); @@ -682,7 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { int i, co_list_num; - SSL_CIPHER *c; + const SSL_CIPHER *c; /* * We have num_of_ciphers descriptions compiled in, depending on the @@ -745,7 +745,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, } } -static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, +static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, unsigned long disabled_mkey, unsigned long disabled_auth, unsigned long disabled_enc, unsigned long disabled_mac, @@ -753,7 +753,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; - SSL_CIPHER **ca_curr; + const SSL_CIPHER **ca_curr; int i; unsigned long mask_mkey = ~disabled_mkey; unsigned long mask_auth = ~disabled_auth; @@ -823,7 +823,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *curr2, *last; - SSL_CIPHER *cp; + const SSL_CIPHER *cp; int reverse = 0; #ifdef CIPHER_DEBUG 
@@ -999,7 +999,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, - SSL_CIPHER **ca_list) + const SSL_CIPHER **ca_list) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; const char *l, *start, *buf; @@ -1258,7 +1258,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; - SSL_CIPHER **ca_list = NULL; + const SSL_CIPHER **ca_list = NULL; /* * Return with error if nothing to do. @@ -1345,8 +1345,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = - (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); + ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); if (ca_list == NULL) { OPENSSL_free(co_list); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 203bce661a..803894c44f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1348,7 +1348,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp) { - SSL_CIPHER *c; + const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; @@ -1751,7 +1751,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) X509_VERIFY_PARAM_set_depth(ctx->param, depth); } -void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) +void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; 
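Review bot: In ssl_create_cipher_list (ssl/ssl_ciph.c, hunk @@ -1345), the allocation still spells out the element type as `sizeof(SSL_CIPHER *)` although ca_list is now declared `const SSL_CIPHER **`. Writing `ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);` ties the size to the variable and survives further type changes. The function body starts and ends outside the hunk.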
@@ -1963,7 +1963,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) { unsigned long alg_k, alg_a; EVP_PKEY *pkey = NULL; @@ -2109,7 +2109,7 @@ X509 *ssl_get_server_send_cert(SSL *s) return(c->pkeys[i].x509); } -EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) +EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher) { unsigned long alg_a; CERT *c; @@ -2547,7 +2547,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s) return(NULL); } -SSL_CIPHER *SSL_get_current_cipher(const SSL *s) +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL)) return(s->session->cipher); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a499a16ea5..ad69a71ff5 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -577,7 +577,7 @@ typedef struct ssl3_buf_freelist_entry_st #endif extern SSL3_ENC_METHOD ssl3_undef_enc_method; -OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; +OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; @@ -784,6 +784,8 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); +DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER, + ssl_cipher_id_cmp); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 
@@ -803,9 +805,9 @@ int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); X509 *ssl_get_server_send_cert(SSL *); -EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); +EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); +void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); @@ -814,7 +816,7 @@ int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); void ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); -SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); int ssl2_part_read(SSL *s, unsigned long f, int i); int ssl2_do_write(SSL *s); @@ -822,7 +824,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); void ssl2_return_error(SSL *s,int reason); void ssl2_write_error(SSL *s); int ssl2_num_ciphers(void); -SSL_CIPHER *ssl2_get_cipher(unsigned int u); +const SSL_CIPHER *ssl2_get_cipher(unsigned int u); int ssl2_new(SSL *s); void ssl2_free(SSL *s); int ssl2_accept(SSL *s); @@ -839,7 +841,7 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); int ssl2_pending(const SSL *s); long ssl2_default_timeout(void ); -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); 
@@ -858,7 +860,7 @@ int ssl3_get_req_cert_type(SSL *s,unsigned char *p); long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); int ssl3_num_ciphers(void); -SSL_CIPHER *ssl3_get_cipher(unsigned int u); +const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); int ssl3_dispatch_alert(SSL *s); @@ -899,12 +901,12 @@ int ssl3_do_change_cipher_spec(SSL *ssl); long ssl3_default_timeout(void ); int ssl23_num_ciphers(void ); -SSL_CIPHER *ssl23_get_cipher(unsigned int u); +const SSL_CIPHER *ssl23_get_cipher(unsigned int u); int ssl23_read(SSL *s, void *buf, int len); int ssl23_peek(SSL *s, void *buf, int len); int ssl23_write(SSL *s, const void *buf, int len); int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); long ssl23_default_timeout(void ); long tls1_default_timeout(void); @@ -934,7 +936,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); -SSL_CIPHER *dtls1_get_cipher(unsigned int u); +const SSL_CIPHER *dtls1_get_cipher(unsigned int u); /* some client-only functions */ @@ -1020,7 +1022,7 @@ int ssl3_alert_code(int code); int ssl_ok(SSL *s); #ifndef OPENSSL_NO_ECDH -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs); #endif SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index b20ab0fb05..c76f6677b4 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
@@ -317,7 +317,7 @@ static void sv_usage(void) static void print_details(SSL *c_ssl, const char *prefix) { - SSL_CIPHER *ciph; + const SSL_CIPHER *ciph; X509 *cert; ciph=SSL_get_current_cipher(c_ssl); @@ -2408,7 +2408,7 @@ static int do_test_cipherlist(void) { int i = 0; const SSL_METHOD *meth; - SSL_CIPHER *ci, *tci = NULL; + const SSL_CIPHER *ci, *tci = NULL; #ifndef OPENSSL_NO_SSL2 fprintf(stderr, "testing SSLv2 cipher list order: ");