Nice to see the "const unsigned char *p = d;" hackery going away. ok bcook@
On Tue, Apr 24, 2018 at 2:50 PM, Theo Buehler <t...@openbsd.org> wrote:
> OpenSSL started adding const to functions all over the place. The patch
> below makes all our libssl functions match theirs wrt const, except for
> BIO_f_ssl(3). I plan to do this one in a later step as a reacharound
> into libcrypto would about double the size of the diff.
>
> This diff was put through an i386 bulk build by sthen (thanks!) and only
> had minimal fallout which I'll deal with when committing this diff.
>
> Index: lib/libssl/ssl.h
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl.h,v
> retrieving revision 1.155
> diff -u -p -r1.155 ssl.h
> --- lib/libssl/ssl.h 11 Apr 2018 17:47:36 -0000 1.155
> +++ lib/libssl/ssl.h 20 Apr 2018 14:25:04 -0000
> @@ -727,10 +727,10 @@ void SSL_CTX_sess_set_remove_cb(SSL_CTX
> void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
> SSL_SESSION *sess);
> void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
> - SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char
> *data,
> - int len, int *copy));
> + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
> + const unsigned char *data, int len, int *copy));
> SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
> - unsigned char *Data, int len, int *copy);
> + const unsigned char *Data, int len, int *copy);
> void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
> int type, int val));
> void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
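Review bot: In the `SSL_CTX_sess_set_get_cb` hunk of ssl.h the callback type gains `const` on `data`, but an application callback still declared with `unsigned char *data` produces only an incompatible-pointer-type warning in C, so a bulk build that watches for hard errors may not surface every affected caller. The same holds for `app_verify_cookie_cb` in the following hunk. The manual pages that carry these prototypes are not part of the diff as quoted here; they would need the new signatures, ideally with a sentence stating that the callback must treat the buffer as read-only.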
> @@ -746,7 +746,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_
> int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
> unsigned int *cookie_len));
> void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
> - int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
> + int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
> unsigned int cookie_len));
> void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL
> *ssl,
> const unsigned char **out, unsigned int *outlen, void *arg), void
> *arg);
> @@ -1247,7 +1247,7 @@ const SSL_CIPHER *SSL_get_current_cipher
> const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
> const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
> int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
> -char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
> +const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
> const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
> unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
> uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
> @@ -1279,7 +1279,7 @@ void SSL_set_verify(SSL *s, int mode,
> int (*callback)(int ok, X509_STORE_CTX *ctx));
> void SSL_set_verify_depth(SSL *s, int depth);
> int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
> -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
> +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long
> len);
> int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
> int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
> long len);
> int SSL_use_certificate(SSL *ssl, X509 *x);
> @@ -1457,12 +1457,12 @@ long SSL_get_default_timeout(const SSL *
> int SSL_library_init(void );
>
> char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
> -STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
> +STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
>
> SSL *SSL_dup(SSL *ssl);
>
> X509 *SSL_get_certificate(const SSL *ssl);
> -/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
> +/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
>
> void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
> int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
> Index: lib/libssl/ssl_cert.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_cert.c,v
> retrieving revision 1.66
> diff -u -p -r1.66 ssl_cert.c
> --- lib/libssl/ssl_cert.c 12 Aug 2017 02:55:22 -0000 1.66
> +++ lib/libssl/ssl_cert.c 20 Apr 2018 14:25:04 -0000
> @@ -454,7 +454,7 @@ set_client_CA_list(STACK_OF(X509_NAME) *
> }
>
> STACK_OF(X509_NAME) *
> -SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
> +SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
> {
> int i;
> STACK_OF(X509_NAME) *ret;
> Index: lib/libssl/ssl_ciph.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_ciph.c,v
> retrieving revision 1.98
> diff -u -p -r1.98 ssl_ciph.c
> --- lib/libssl/ssl_ciph.c 17 Mar 2018 14:40:45 -0000 1.98
> +++ lib/libssl/ssl_ciph.c 20 Apr 2018 14:25:04 -0000
> @@ -1674,7 +1674,7 @@ SSL_CIPHER_description(const SSL_CIPHER
> return (ret);
> }
>
> -char *
> +const char *
> SSL_CIPHER_get_version(const SSL_CIPHER *c)
> {
> if (c == NULL)
> Index: lib/libssl/ssl_lib.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_lib.c,v
> retrieving revision 1.184
> diff -u -p -r1.184 ssl_lib.c
> --- lib/libssl/ssl_lib.c 14 Apr 2018 07:09:21 -0000 1.184
> +++ lib/libssl/ssl_lib.c 20 Apr 2018 14:25:04 -0000
> @@ -2654,7 +2654,7 @@ SSL_get_certificate(const SSL *s)
>
> /* Fix this function so that it takes an optional type parameter */
> EVP_PKEY *
> -SSL_get_privatekey(SSL *s)
> +SSL_get_privatekey(const SSL *s)
> {
> if (s->cert != NULL)
> return (s->cert->key->privatekey);
> Index: lib/libssl/ssl_locl.h
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_locl.h,v
> retrieving revision 1.204
> diff -u -p -r1.204 ssl_locl.h
> --- lib/libssl/ssl_locl.h 7 Apr 2018 17:02:34 -0000 1.204
> +++ lib/libssl/ssl_locl.h 20 Apr 2018 14:25:04 -0000
> @@ -460,7 +460,7 @@ typedef struct ssl_ctx_internal_st {
> int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
> void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION
> *sess);
> SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
> - unsigned char *data, int len, int *copy);
> + const unsigned char *data, int len, int *copy);
>
> /* if defined, these override the X509_verify_cert() calls */
> int (*app_verify_callback)(X509_STORE_CTX *, void *);
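Review bot: `SSL_get_privatekey()` in the ssl_lib.c hunk now takes `const SSL *s` yet returns a non-const `EVP_PKEY *` read straight from `s->cert->key->privatekey`, so the `const` covers only the SSL object itself and a caller can still modify the private key through the result. A comment above the function would make the contract explicit, for example `/* Returns the internal key without taking a reference; the caller must not free it. */`. The visible lines test only `s->cert` before dereferencing `s->cert->key`; whether `key` can be NULL at this point cannot be told from the hunk, and the function body continues outside it.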
> @@ -474,7 +474,7 @@ typedef struct ssl_ctx_internal_st {
> unsigned int *cookie_len);
>
> /* verify cookie callback */
> - int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
> + int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
> unsigned int cookie_len);
>
> void (*info_callback)(const SSL *ssl,int type,int val); /* used if
> SSL's info_callback is NULL */
> Index: lib/libssl/ssl_rsa.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_rsa.c,v
> retrieving revision 1.28
> diff -u -p -r1.28 ssl_rsa.c
> --- lib/libssl/ssl_rsa.c 7 Feb 2017 02:08:38 -0000 1.28
> +++ lib/libssl/ssl_rsa.c 20 Apr 2018 14:25:04 -0000
> @@ -133,7 +133,7 @@ SSL_use_certificate_ASN1(SSL *ssl, const
> X509 *x;
> int ret;
>
> - x = d2i_X509(NULL, &d,(long)len);
> + x = d2i_X509(NULL, &d, (long)len);
> if (x == NULL) {
> SSLerror(ssl, ERR_R_ASN1_LIB);
> return (0);
> @@ -254,14 +254,12 @@ end:
> }
>
> int
> -SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
> +SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
> {
> int ret;
> - const unsigned char *p;
> RSA *rsa;
>
> - p = d;
> - if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
> + if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
> SSLerror(ssl, ERR_R_ASN1_LIB);
> return (0);
> }
> @@ -332,11 +330,9 @@ int
> SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long
> len)
> {
> int ret;
> - const unsigned char *p;
> EVP_PKEY *pkey;
>
> - p = d;
> - if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
> + if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
> SSLerror(ssl, ERR_R_ASN1_LIB);
> return (0);
> }
> @@ -465,7 +461,7 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ct
> X509 *x;
> int ret;
>
> - x = d2i_X509(NULL, &d,(long)len);
> + x = d2i_X509(NULL, &d, (long)len);
> if (x == NULL) {
> SSLerrorx(ERR_R_ASN1_LIB);
> return (0);
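Review bot: In `SSL_use_RSAPrivateKey_ASN1()` (ssl_rsa.c, hunk at -254) the parameter `d` is now passed by address to `d2i_RSAPrivateKey()`, which advances the pointer it is given, so after the call `d` no longer points at the start of the caller's DER buffer. Nothing in the visible lines reads `d` afterwards, but the function bodies continue outside the hunks, so a short comment such as `/* d2i advances d; do not reuse it below */` would guard against a later edit that assumes otherwise. The same applies to the hunks at -332, -547 and -620. Since `len` is already declared `long` in these four functions, the `(long)len` cast is redundant and the call could read `d2i_RSAPrivateKey(NULL, &d, len)`.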
> @@ -547,11 +543,9 @@ int
> SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
> long len)
> {
> int ret;
> - const unsigned char *p;
> RSA *rsa;
>
> - p = d;
> - if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
> + if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
> SSLerrorx(ERR_R_ASN1_LIB);
> return (0);
> }
> @@ -620,11 +614,9 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SS
> long len)
> {
> int ret;
> - const unsigned char *p;
> EVP_PKEY *pkey;
>
> - p = d;
> - if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
> + if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
> SSLerrorx(ERR_R_ASN1_LIB);
> return (0);
> }
> Index: lib/libssl/ssl_sess.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_sess.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 ssl_sess.c
> --- lib/libssl/ssl_sess.c 20 Mar 2018 15:28:12 -0000 1.79
> +++ lib/libssl/ssl_sess.c 20 Apr 2018 14:25:04 -0000
> @@ -1092,13 +1092,13 @@ void
>
> void
> SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st
> *ssl,
> - unsigned char *data, int len, int *copy))
> + const unsigned char *data, int len, int *copy))
> {
> ctx->internal->get_session_cb = cb;
> }
>
> SSL_SESSION *
> -(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
> +(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char
> *data,
> int len, int *copy)
> {
> return ctx->internal->get_session_cb;
> @@ -1158,7 +1158,7 @@ SSL_CTX_set_cookie_generate_cb(SSL_CTX *
>
> void
> SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
> - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
> + int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int
> cookie_len))
> {
> ctx->internal->app_verify_cookie_cb = cb;
> }
> Index: usr.bin/openssl/s_apps.h
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/openssl/s_apps.h,v
> retrieving revision 1.4
> diff -u -p -r1.4 s_apps.h
> --- usr.bin/openssl/s_apps.h 30 Dec 2016 17:25:48 -0000 1.4
> +++ usr.bin/openssl/s_apps.h 20 Apr 2018 14:25:04 -0000
> @@ -147,5 +147,5 @@ void tlsext_cb(SSL *s, int client_server
>
> int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
> unsigned int *cookie_len);
> -int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
> +int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
> unsigned int cookie_len);
> Index: usr.bin/openssl/s_cb.c
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/openssl/s_cb.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 s_cb.c
> --- usr.bin/openssl/s_cb.c 15 Jan 2018 11:02:07 -0000 1.9
> +++ usr.bin/openssl/s_cb.c 20 Apr 2018 14:25:04 -0000
> @@ -821,7 +821,8 @@ generate_cookie_callback(SSL * ssl, unsi
> }
>
> int
> -verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int
> cookie_len)
> +verify_cookie_callback(SSL * ssl, const unsigned char *cookie,
> + unsigned int cookie_len)
> {
> unsigned char *buffer, result[EVP_MAX_MD_SIZE];
> unsigned int length, resultlength;
>
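Review bot: The rewritten signature line of `verify_cookie_callback()` in s_cb.c keeps the `SSL * ssl` spacing, while the prototype in s_apps.h and the rest of this diff use `SSL *ssl`; since the line is being touched anyway, `verify_cookie_callback(SSL *ssl, const unsigned char *cookie,` would match. The function body continues outside the hunk, so the comparison of `cookie` against `result` is not visible here. Because the cookie is supplied by the peer, it is worth confirming there that `cookie_len` is checked against `resultlength` before any bytes are compared and that the comparison uses `timingsafe_memcmp()` rather than `memcmp()`.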