diff --git a/CHANGES b/CHANGES index 5e9d4dd7d..4eb839823 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) The STACK code has been cleaned up, and certain type declarations + that didn't make a lot of sense have been brought in line. This has + also involved a cleanup of sorts in safestack.h to more correctly + map type-safe stack functions onto their plain stack counterparts. + This work has also resulted in a variety of "const"ifications of + lots of the code, especially "_cmp" operations which should normally + be prototyped with "const" parameters anyway. + [Geoff Thorpe] + *) When generating bytes for the first time in md_rand.c, 'stir the pool' by seeding with STATE_SIZE dummy bytes (with zero entropy count). (The PRNG state consists of two parts, the large pool 'state' and 'md', diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index ab8417ffa..1ef147830 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -65,7 +65,8 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); -static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b); +static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, + const ASN1_STRING_TABLE * const *b); static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b); @@ -173,7 +174,8 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} }; -static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) +static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, + const ASN1_STRING_TABLE * const *b) { return (*a)->nid - (*b)->nid; } diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 12a42d04c..39fe8916f 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -61,8 +61,10 @@ #include #include -static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b); -static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b); +static int X509_REVOKED_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b); +static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b); int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp) { M_ASN1_I2D_vars(a); @@ -100,7 +102,8 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) { int v1=0; long l=0; - int (*old_cmp)(X509_REVOKED **,X509_REVOKED **); + int (*old_cmp)(const X509_REVOKED * const *, + const X509_REVOKED * const *); M_ASN1_I2D_vars(a); old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); @@ -325,14 +328,16 @@ void X509_CRL_free(X509_CRL *a) Free(a); } -static int X509_REVOKED_cmp(X509_REVOKED **a, X509_REVOKED **b) +static int X509_REVOKED_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b) { return(ASN1_STRING_cmp( (ASN1_STRING *)(*a)->serialNumber, (ASN1_STRING *)(*b)->serialNumber)); } -static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b) +static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b) { return((*a)->sequence-(*b)->sequence); } diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 5abd0ec8f..36d47ef11 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -94,8 +94,10 @@ static char * strip_end(char *name); static MIME_HEADER *mime_hdr_new(char *name, char *value); static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); -static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b); -static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b); +static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b); +static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b); static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, char *bound, int blen); static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); @@ -614,12 +616,14 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) return 1; } -static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b) +static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b) { return(strcmp((*a)->name, (*b)->name)); } -static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b) +static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b) { return(strcmp((*a)->param_name, (*b)->param_name)); } diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index a0aaad836..a5cb55558 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -659,11 +659,14 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); -int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_CRL_digest(X509_CRL *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_REQ_digest(X509_REQ *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_NAME_digest(X509_NAME *data,const EVP_MD *type, - unsigned char *md,unsigned int *len); +int X509_digest(const X509 *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); #endif #ifndef NO_FP_API @@ -963,20 +966,20 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); -int X509_issuer_and_serial_cmp(X509 *a, X509 *b); +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); -int X509_issuer_name_cmp(X509 *a, X509 *b); +int X509_issuer_name_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_name_hash(X509 *a); -int X509_subject_name_cmp(X509 *a,X509 *b); +int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); -int X509_cmp (X509 *a, X509 *b); -int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); -int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); #ifndef NO_FP_API int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index a8a5ca8b0..0452b025b 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -63,7 +63,7 @@ #include #include -int X509_issuer_and_serial_cmp(X509 *a, X509 *b) +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { int i; X509_CINF *ai,*bi; @@ -97,17 +97,17 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) } #endif -int X509_issuer_name_cmp(X509 *a, X509 *b) +int X509_issuer_name_cmp(const X509 *a, const X509 *b) { return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); } -int X509_subject_name_cmp(X509 *a, X509 *b) +int X509_subject_name_cmp(const X509 *a, const X509 *b) { return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); } -int X509_CRL_cmp(X509_CRL *a, X509_CRL *b) +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) { return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); } @@ -139,19 +139,25 @@ unsigned long X509_subject_name_hash(X509 *x) #ifndef NO_SHA /* Compare two certificates: they must be identical for - * this to work. + * this to work. NB: Although "cmp" operations are generally + * prototyped to take "const" arguments (eg. for use in + * STACKs), the way X509 handling is - these operations may + * involve ensuring the hashes are up-to-date and ensuring + * certain cert information is cached. So this is the point + * where the "depth-first" constification tree has to halt + * with an evil cast. */ -int X509_cmp(X509 *a, X509 *b) +int X509_cmp(const X509 *a, const X509 *b) { /* ensure hash is valid */ - X509_check_purpose(a, -1, 0); - X509_check_purpose(b, -1, 0); + X509_check_purpose((X509 *)a, -1, 0); + X509_check_purpose((X509 *)b, -1, 0); return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); } #endif -int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { int i,j; X509_NAME_ENTRY *na,*nb; diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index c779aaf94..8637e56d9 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -61,7 +61,8 @@ #include -static int tr_cmp(X509_TRUST **a, X509_TRUST **b); +static int tr_cmp(const X509_TRUST * const *a, + const X509_TRUST * const *b); static void trtable_free(X509_TRUST *p); static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); @@ -88,7 +89,8 @@ IMPLEMENT_STACK_OF(X509_TRUST) static STACK_OF(X509_TRUST) *trtable = NULL; -static int tr_cmp(X509_TRUST **a, X509_TRUST **b) +static int tr_cmp(const X509_TRUST * const *a, + const X509_TRUST * const *b) { return (*a)->trust - (*b)->trust; } diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index b67ca243d..dd5796e20 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -411,25 +411,25 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne) (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne)); } -int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md, +int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); } -int X509_CRL_digest(X509_CRL *data, const EVP_MD *type, unsigned char *md, +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len)); } -int X509_REQ_digest(X509_REQ *data, const EVP_MD *type, unsigned char *md, +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len)); } -int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md, +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index dcdf7d607..aa04fb24a 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -66,7 +66,8 @@ static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; -static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); +static int ext_cmp(const X509V3_EXT_METHOD * const *a, + const X509V3_EXT_METHOD * const *b); static void ext_list_free(X509V3_EXT_METHOD *ext); int X509V3_EXT_add(X509V3_EXT_METHOD *ext) @@ -82,7 +83,8 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext) return 1; } -static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b) +static int ext_cmp(const X509V3_EXT_METHOD * const *a, + const X509V3_EXT_METHOD * const *b) { return ((*a)->ext_nid - (*b)->ext_nid); } diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 7b4055f1f..488b97f02 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -63,18 +63,19 @@ static void x509v3_cache_extensions(X509 *x); -static int ca_check(X509 *x); -static int check_ssl_ca(X509 *x); -static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); -static int purpose_smime(X509 *x, int ca); -static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca); -static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca); -static int no_check(X509_PURPOSE *xp, X509 *x, int ca); +static int ca_check(const X509 *x); +static int check_ssl_ca(const X509 *x); +static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); +static int purpose_smime(const X509 *x, int ca); +static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); +static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); -static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b); +static int xp_cmp(const X509_PURPOSE * const *a, + const X509_PURPOSE * const *b); static void xptable_free(X509_PURPOSE *p); static X509_PURPOSE xstandard[] = { @@ -93,15 +94,19 @@ IMPLEMENT_STACK_OF(X509_PURPOSE) static STACK_OF(X509_PURPOSE) *xptable = NULL; -static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b) +static int xp_cmp(const X509_PURPOSE * const *a, + const X509_PURPOSE * const *b) { return (*a)->purpose - (*b)->purpose; } +/* As much as I'd like to make X509_check_purpose use a "const" X509* + * I really can't because it does recalculate hashes and do other non-const + * things. */ int X509_check_purpose(X509 *x, int id, int ca) { int idx; - X509_PURPOSE *pt; + const X509_PURPOSE *pt; if(!(x->ex_flags & EXFLAG_SET)) { CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); @@ -153,7 +158,7 @@ int X509_PURPOSE_get_by_id(int purpose) } int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(X509_PURPOSE *, X509 *, int), + int (*ck)(const X509_PURPOSE *, const X509 *, int), char *name, char *sname, void *arg) { int idx; @@ -343,7 +348,7 @@ static void x509v3_cache_extensions(X509 *x) #define ns_reject(x, usage) \ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) -static int ca_check(X509 *x) +static int ca_check(const X509 *x) { /* keyUsage if present should allow cert signing */ if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; @@ -358,7 +363,7 @@ static int ca_check(X509 *x) } /* Check SSL CA: common checks for SSL client and server */ -static int check_ssl_ca(X509 *x) +static int check_ssl_ca(const X509 *x) { int ca_ret; ca_ret = ca_check(x); @@ -373,7 +378,7 @@ static int check_ssl_ca(X509 *x) } -static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) { if(xku_reject(x,XKU_SSL_CLIENT)) return 0; if(ca) return check_ssl_ca(x); @@ -384,7 +389,7 @@ static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) return 1; } -static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) { if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; if(ca) return check_ssl_ca(x); @@ -397,7 +402,7 @@ static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) } -static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; ret = check_purpose_ssl_server(xp, x, ca); @@ -408,7 +413,7 @@ static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) } /* common S/MIME checks */ -static int purpose_smime(X509 *x, int ca) +static int purpose_smime(const X509 *x, int ca) { if(xku_reject(x,XKU_SMIME)) return 0; if(ca) { @@ -432,7 +437,7 @@ static int purpose_smime(X509 *x, int ca) return 1; } -static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; ret = purpose_smime(x, ca); @@ -441,7 +446,7 @@ static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) return ret; } -static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; ret = purpose_smime(x, ca); @@ -450,7 +455,7 @@ static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) return ret; } -static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) +static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { if(ca) { int ca_ret; @@ -461,7 +466,7 @@ static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) return 1; } -static int no_check(X509_PURPOSE *xp, X509 *x, int ca) +static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) { return 1; } diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index f2225d398..c04fc42da 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -334,7 +334,8 @@ typedef struct x509_purpose_st { int purpose; int trust; /* Default trust ID */ int flags; - int (*check_purpose)(struct x509_purpose_st *, X509 *, int); + int (*check_purpose)(const struct x509_purpose_st *, + const X509 *, int); char *name; char *sname; void *usr_data; @@ -536,7 +537,7 @@ X509_PURPOSE * X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(X509_PURPOSE *, X509 *, int), + int (*ck)(const X509_PURPOSE *, const X509 *, int), char *name, char *sname, void *arg); char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6a09d6aa8..197770794 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -69,7 +69,7 @@ static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); static int ssl3_get_server_hello(SSL *s); static int ssl3_get_certificate_request(SSL *s); -static int ca_dn_cmp(X509_NAME **a,X509_NAME **b); +static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); static int ssl3_get_server_done(SSL *s); static int ssl3_send_client_verify(SSL *s); static int ssl3_send_client_certificate(SSL *s); @@ -1275,7 +1275,7 @@ err: return(ret); } -static int ca_dn_cmp(X509_NAME **a, X509_NAME **b) +static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index e134e6f3e..fc8b8a7a5 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -568,7 +568,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) return(add_client_CA(&(ctx->client_CA),x)); } -static int xname_cmp(X509_NAME **a,X509_NAME **b) +static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); } @@ -649,7 +649,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, X509 *x=NULL; X509_NAME *xn=NULL; int ret=1; - int (*oldcmp)(X509_NAME **a, X509_NAME **b); + int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a5b2b9705..817b6b31f 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1037,7 +1037,8 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) return(NULL); } -static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b) +static int sk_comp_cmp(const SSL_COMP * const *a, + const SSL_COMP * const *b) { return((*a)->id-(*b)->id); } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c515c41b4..f4eb35b15 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -874,7 +874,7 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) } } -int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b) +int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { long l; @@ -885,7 +885,8 @@ int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b) return((l > 0)?1:-1); } -int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp) +int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, + const SSL_CIPHER * const *bp) { long l; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9a52bab25..d70fff462 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -423,8 +423,9 @@ void ssl_sess_cert_free(SESS_CERT *sc); int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session,int len); -int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b); -int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp); +int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); +int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, + const SSL_CIPHER * const *bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp); int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);