diff options
| -rw-r--r-- | crypto/asn1/a_print.c | 2 | ||||
| -rw-r--r-- | crypto/asn1/asn1.h | 2 | ||||
| -rw-r--r-- | crypto/x509/x509.h | 10 | ||||
| -rw-r--r-- | crypto/x509/x509name.c | 10 | ||||
| -rw-r--r-- | ssl/s23_lib.c | 2 | ||||
| -rw-r--r-- | ssl/s2_lib.c | 2 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 2 | ||||
| -rw-r--r-- | ssl/ssl.h | 116 | ||||
| -rw-r--r-- | ssl/ssl_asn1.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 4 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 8 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 1 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 90 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 9 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 10 | ||||
| -rw-r--r-- | ssl/ssl_txt.c | 4 |
16 files changed, 142 insertions, 132 deletions
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 8035513..d18e772 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -60,7 +60,7 @@ #include "cryptlib.h" #include <openssl/asn1.h> -int ASN1_PRINTABLE_type(unsigned char *s, int len) +int ASN1_PRINTABLE_type(const unsigned char *s, int len) { int c; int ia5=0; diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index aad3dcb..f340e08 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -864,7 +864,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); /* General */ /* given a string, return the correct type, max is the maximum length */ -int ASN1_PRINTABLE_type(unsigned char *s, int max); +int ASN1_PRINTABLE_type(const unsigned char *s, int max); int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 46673fd..4c7d914 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -1097,18 +1097,18 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - char *field, int type, unsigned char *bytes, int len); + const char *field, int type, const unsigned char *bytes, int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, - unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - ASN1_OBJECT *obj, int type,unsigned char *bytes, + ASN1_OBJECT *obj, int type,const unsigned char *bytes, int len); int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - unsigned char *bytes, int len); + const unsigned char *bytes, int len); ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 4c20e03..068abfe 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -195,8 +195,8 @@ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, return ret; } -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, - unsigned char *bytes, int len, int loc, int set) +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; @@ -273,7 +273,7 @@ err: } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - char *field, int type, unsigned char *bytes, int len) + const char *field, int type, const unsigned char *bytes, int len) { ASN1_OBJECT *obj; X509_NAME_ENTRY *nentry; @@ -309,7 +309,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - ASN1_OBJECT *obj, int type, unsigned char *bytes, int len) + ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) { X509_NAME_ENTRY *ret; @@ -347,7 +347,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) } int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - unsigned char *bytes, int len) + const unsigned char *bytes, int len) { int i; diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index b70002a..8d7dbcf 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -87,7 +87,7 @@ static SSL_METHOD SSLv23_data= { ssl3_ctx_ctrl, ssl23_get_cipher_by_char, ssl23_put_cipher_by_char, - ssl_undefined_function, + ssl_undefined_const_function, ssl23_num_ciphers, ssl23_get_cipher, ssl_bad_method, diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 075e49d..b89b83f 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -262,7 +262,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u) return(NULL); } -int ssl2_pending(SSL *s) +int ssl2_pending(const SSL *s) { return SSL_in_init(s) ? 0 : s->s2->ract_data_length; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index adeb341..bbca61f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1421,7 +1421,7 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u) return(NULL); } -int ssl3_pending(SSL *s) +int ssl3_pending(const SSL *s) { if (s->rstate == SSL_ST_READ_BODY) return 0; @@ -380,7 +380,7 @@ typedef struct ssl_method_st long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); - int (*ssl_pending)(SSL *s); + int (*ssl_pending)(const SSL *s); int (*num_ciphers)(void); SSL_CIPHER *(*get_cipher)(unsigned ncipher); struct ssl_method_st *(*get_ssl_method)(int version); @@ -1014,8 +1014,8 @@ extern "C" { * -- that we sent (SSL_get_finished) * -- that we expected from peer (SSL_get_peer_finished). * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ -size_t SSL_get_finished(SSL *s, void *buf, size_t count); -size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options * are 'ored' with SSL_VERIFY_PEER if they are desired */ @@ -1193,26 +1193,26 @@ int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); void SSL_CTX_free(SSL_CTX *); long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); -long SSL_CTX_get_timeout(SSL_CTX *ctx); -X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *); +long SSL_CTX_get_timeout(const SSL_CTX *ctx); +X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); -int SSL_want(SSL *s); +int SSL_want(const SSL *s); int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); -SSL_CIPHER *SSL_get_current_cipher(SSL *s); -int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); -char * SSL_CIPHER_get_version(SSL_CIPHER *c); -const char * SSL_CIPHER_get_name(SSL_CIPHER *c); - -int SSL_get_fd(SSL *s); -int SSL_get_rfd(SSL *s); -int SSL_get_wfd(SSL *s); -const char * SSL_get_cipher_list(SSL *s,int n); -char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); -int SSL_get_read_ahead(SSL * s); -int SSL_pending(SSL *s); +SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); +char * SSL_CIPHER_get_version(const SSL_CIPHER *c); +const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); + +int SSL_get_fd(const SSL *s); +int SSL_get_rfd(const SSL *s); +int SSL_get_wfd(const SSL *s); +const char * SSL_get_cipher_list(const SSL *s,int n); +char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +int SSL_get_read_ahead(const SSL * s); +int SSL_pending(const SSL *s); #ifndef OPENSSL_NO_SOCK int SSL_set_fd(SSL *s, int fd); int SSL_set_rfd(SSL *s, int fd); @@ -1220,14 +1220,14 @@ int SSL_set_wfd(SSL *s, int fd); #endif #ifndef OPENSSL_NO_BIO void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); -BIO * SSL_get_rbio(SSL *s); -BIO * SSL_get_wbio(SSL *s); +BIO * SSL_get_rbio(const SSL *s); +BIO * SSL_get_wbio(const SSL *s); #endif int SSL_set_cipher_list(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); -int SSL_get_verify_mode(SSL *s); -int SSL_get_verify_depth(SSL *s); -int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *); +int SSL_get_verify_mode(const SSL *s); +int SSL_get_verify_depth(const SSL *s); +int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); @@ -1265,21 +1265,21 @@ const char *SSL_state_string(const SSL *s); const char *SSL_rstate_string(const SSL *s); const char *SSL_state_string_long(const SSL *s); const char *SSL_rstate_string_long(const SSL *s); -long SSL_SESSION_get_time(SSL_SESSION *s); +long SSL_SESSION_get_time(const SSL_SESSION *s); long SSL_SESSION_set_time(SSL_SESSION *s, long t); -long SSL_SESSION_get_timeout(SSL_SESSION *s); +long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); -void SSL_copy_session_id(SSL *to,SSL *from); +void SSL_copy_session_id(SSL *to,const SSL *from); SSL_SESSION *SSL_SESSION_new(void); -unsigned long SSL_SESSION_hash(SSL_SESSION *a); -int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b); +unsigned long SSL_SESSION_hash(const SSL_SESSION *a); +int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); #ifndef OPENSSL_NO_FP_API -int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); +int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); #endif #ifndef OPENSSL_NO_BIO -int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses); +int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); #endif void SSL_SESSION_free(SSL_SESSION *ses); int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); @@ -1290,17 +1290,18 @@ int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len); -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char * const *pp, + long length); #ifdef HEADER_X509_H -X509 * SSL_get_peer_certificate(SSL *s); +X509 * SSL_get_peer_certificate(const SSL *s); #endif -STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); +STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); -int SSL_CTX_get_verify_mode(SSL_CTX *ctx); -int SSL_CTX_get_verify_depth(SSL_CTX *ctx); -int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); @@ -1318,8 +1319,8 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); -int SSL_CTX_check_private_key(SSL_CTX *ctx); -int SSL_check_private_key(SSL *ctx); +int SSL_CTX_check_private_key(const SSL_CTX *ctx); +int SSL_check_private_key(const SSL *ctx); int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len); @@ -1344,8 +1345,8 @@ long SSL_callback_ctrl(SSL *, int, void (*)()); long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)()); -int SSL_get_error(SSL *s,int ret_code); -const char *SSL_get_version(SSL *s); +int SSL_get_error(const SSL *s,int ret_code); +const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); @@ -1366,7 +1367,7 @@ SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ -STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s); +STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); @@ -1382,15 +1383,15 @@ const char *SSL_alert_desc_string(int value); void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); -STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); -long SSL_get_default_timeout(SSL *s); +long SSL_get_default_timeout(const SSL *s); int SSL_library_init(void ); @@ -1399,43 +1400,43 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); SSL *SSL_dup(SSL *ssl); -X509 *SSL_get_certificate(SSL *ssl); +X509 *SSL_get_certificate(const SSL *ssl); /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); -int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); void SSL_set_quiet_shutdown(SSL *ssl,int mode); -int SSL_get_quiet_shutdown(SSL *ssl); +int SSL_get_quiet_shutdown(const SSL *ssl); void SSL_set_shutdown(SSL *ssl,int mode); -int SSL_get_shutdown(SSL *ssl); -int SSL_version(SSL *ssl); +int SSL_get_shutdown(const SSL *ssl); +int SSL_version(const SSL *ssl); int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); #define SSL_get0_session SSL_get_session /* just peek at pointer */ -SSL_SESSION *SSL_get_session(SSL *ssl); +SSL_SESSION *SSL_get_session(const SSL *ssl); SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ -SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); void SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl,int type,int val)); -void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val); -int SSL_state(SSL *ssl); +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); +int SSL_state(const SSL *ssl); void SSL_set_verify_result(SSL *ssl,long v); -long SSL_get_verify_result(SSL *ssl); +long SSL_get_verify_result(const SSL *ssl); int SSL_set_ex_data(SSL *ssl,int idx,void *data); -void *SSL_get_ex_data(SSL *ssl,int idx); +void *SSL_get_ex_data(const SSL *ssl,int idx); int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); -void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); -void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); @@ -1642,6 +1643,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_SET_TRUST 228 #define SSL_F_SSL_SET_WFD 196 #define SSL_F_SSL_SHUTDOWN 224 +#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 #define SSL_F_SSL_UNDEFINED_FUNCTION 197 #define SSL_F_SSL_USE_CERTIFICATE 198 #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 9edc447..9667d0b 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -226,7 +226,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_finish(); } -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, long length) { int version,ssl_version=0,i; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index b515c06..93d2b13 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -563,12 +563,12 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) set_client_CA_list(&(ctx->client_CA),name_list); } -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { return(ctx->client_CA); } -STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s) +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { if (s->type == SSL_ST_CONNECT) { /* we are in the client */ diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 260ed1f..fa4ba89 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -235,7 +235,7 @@ static void load_builtin_compressions(void) CRYPTO_w_unlock(CRYPTO_LOCK_SSL); } -int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc, +int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, SSL_COMP **comp) { int i; @@ -1108,7 +1108,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) return(buf); } -char *SSL_CIPHER_get_version(SSL_CIPHER *c) +char *SSL_CIPHER_get_version(const SSL_CIPHER *c) { int i; @@ -1123,7 +1123,7 @@ char *SSL_CIPHER_get_version(SSL_CIPHER *c) } /* return the actual cipher being used */ -const char *SSL_CIPHER_get_name(SSL_CIPHER *c) +const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) { if (c != NULL) return(c->name); @@ -1131,7 +1131,7 @@ const char *SSL_CIPHER_get_name(SSL_CIPHER *c) } /* number of bits for symmetric cipher */ -int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits) +int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) { int ret=0; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 359ea45..2472b4d 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -193,6 +193,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"}, {ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, {ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"}, +{ERR_PACK(0,SSL_F_SSL_UNDEFINED_CONST_FUNCTION,0), "SSL_UNDEFINED_CONST_FUNCTION"}, {ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c3bf509..2351279 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -517,18 +517,18 @@ void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) s->wbio=wbio; } -BIO *SSL_get_rbio(SSL *s) +BIO *SSL_get_rbio(const SSL *s) { return(s->rbio); } -BIO *SSL_get_wbio(SSL *s) +BIO *SSL_get_wbio(const SSL *s) { return(s->wbio); } -int SSL_get_fd(SSL *s) +int SSL_get_fd(const SSL *s) { return(SSL_get_rfd(s)); } -int SSL_get_rfd(SSL *s) +int SSL_get_rfd(const SSL *s) { int ret= -1; BIO *b,*r; @@ -540,7 +540,7 @@ int SSL_get_rfd(SSL *s) return(ret); } -int SSL_get_wfd(SSL *s) +int SSL_get_wfd(const SSL *s) { int ret= -1; BIO *b,*r; @@ -622,7 +622,7 @@ err: /* return length of latest Finished message we sent, copy to 'buf' */ -size_t SSL_get_finished(SSL *s, void *buf, size_t count) +size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; @@ -637,7 +637,7 @@ size_t SSL_get_finished(SSL *s, void *buf, size_t count) } /* return length of latest Finished message we expected, copy to 'buf' */ -size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count) +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; @@ -652,32 +652,32 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count) } -int SSL_get_verify_mode(SSL *s) +int SSL_get_verify_mode(const SSL *s) { return(s->verify_mode); } -int SSL_get_verify_depth(SSL *s) +int SSL_get_verify_depth(const SSL *s) { return X509_VERIFY_PARAM_get_depth(s->param); } -int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *) +int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) { return(s->verify_callback); } -int SSL_CTX_get_verify_mode(SSL_CTX *ctx) +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { return(ctx->verify_mode); } -int SSL_CTX_get_verify_depth(SSL_CTX *ctx) +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) { return X509_VERIFY_PARAM_get_depth(ctx->param); } -int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *) +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) { return(ctx->default_verify_callback); } @@ -700,12 +700,12 @@ void SSL_set_read_ahead(SSL *s,int yes) s->read_ahead=yes; } -int SSL_get_read_ahead(SSL *s) +int SSL_get_read_ahead(const SSL *s) { return(s->read_ahead); } -int SSL_pending(SSL *s) +int SSL_pending(const SSL *s) { /* SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), @@ -717,7 +717,7 @@ int SSL_pending(SSL *s) return(s->method->ssl_pending(s)); } -X509 *SSL_get_peer_certificate(SSL *s) +X509 *SSL_get_peer_certificate(const SSL *s) { X509 *r; @@ -733,7 +733,7 @@ X509 *SSL_get_peer_certificate(SSL *s) return(r); } -STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s) +STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { STACK_OF(X509) *r; @@ -750,7 +750,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s) /* Now in theory, since the calling process own 't' it should be safe to * modify. We need to be able to read f without being hassled */ -void SSL_copy_session_id(SSL *t,SSL *f) +void SSL_copy_session_id(SSL *t,const SSL *f) { CERT *tmp; @@ -779,7 +779,7 @@ void SSL_copy_session_id(SSL *t,SSL *f) } /* Fix this so it checks all the valid key/cert options */ -int SSL_CTX_check_private_key(SSL_CTX *ctx) +int SSL_CTX_check_private_key(const SSL_CTX *ctx) { if ( (ctx == NULL) || (ctx->cert == NULL) || @@ -797,7 +797,7 @@ int SSL_CTX_check_private_key(SSL_CTX *ctx) } /* Fix this function so that it takes an optional type parameter */ -int SSL_check_private_key(SSL *ssl) +int SSL_check_private_key(const SSL *ssl) { if (ssl == NULL) { @@ -841,7 +841,7 @@ int SSL_connect(SSL *s) return(s->method->ssl_connect(s)); } -long SSL_get_default_timeout(SSL *s) +long SSL_get_default_timeout(const SSL *s) { return(s->method->get_timeout()); } @@ -1088,7 +1088,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, /** return a STACK of the ciphers available for the SSL and in order of * preference */ -STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) +STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s != NULL) { @@ -1125,7 +1125,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) } /** The old interface to get the same thing as SSL_get_ciphers() */ -const char *SSL_get_cipher_list(SSL *s,int n) +const char *SSL_get_cipher_list(const SSL *s,int n) { SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; @@ -1162,7 +1162,7 @@ int SSL_set_cipher_list(SSL *s,const char *str) } /* works well for SSLv2, not so good for SSLv3 */ -char *SSL_get_shared_ciphers(SSL *s,char *buf,int len) +char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) { char *p; const char *cp; @@ -1266,7 +1266,7 @@ err: return(NULL); } -unsigned long SSL_SESSION_hash(SSL_SESSION *a) +unsigned long SSL_SESSION_hash(const SSL_SESSION *a) { unsigned long l; @@ -1283,7 +1283,7 @@ unsigned long SSL_SESSION_hash(SSL_SESSION *a) * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being * able to construct an SSL_SESSION that will collide with any existing session * with a matching session ID. */ -int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b) +int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) { if (a->ssl_version != b->ssl_version) return(1); @@ -1895,7 +1895,7 @@ int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth) return(ret); } -int SSL_get_error(SSL *s,int i) +int SSL_get_error(const SSL *s,int i) { int reason; unsigned long l; @@ -2029,13 +2029,19 @@ int ssl_undefined_function(SSL *s) return(0); } +int ssl_undefined_const_function(const SSL *s) + { + SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(0); + } + SSL_METHOD *ssl_bad_method(int ver) { SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(NULL); } -const char *SSL_get_version(SSL *s) +const char *SSL_get_version(const SSL *s) { if (s->version == TLS1_VERSION) return("TLSv1"); @@ -2204,7 +2210,7 @@ void ssl_clear_cipher_ctx(SSL *s) } /* Fix this function so that it takes an optional type parameter */ -X509 *SSL_get_certificate(SSL *s) +X509 *SSL_get_certificate(const SSL *s) { if (s->cert != NULL) return(s->cert->key->x509); @@ -2221,7 +2227,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s) return(NULL); } -SSL_CIPHER *SSL_get_current_cipher(SSL *s) +SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL)) return(s->session->cipher); @@ -2299,7 +2305,7 @@ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) ctx->quiet_shutdown=mode; } -int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx) +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) { return(ctx->quiet_shutdown); } @@ -2309,7 +2315,7 @@ void SSL_set_quiet_shutdown(SSL *s,int mode) s->quiet_shutdown=mode; } -int SSL_get_quiet_shutdown(SSL *s) +int SSL_get_quiet_shutdown(const SSL *s) { return(s->quiet_shutdown); } @@ -2319,17 +2325,17 @@ void SSL_set_shutdown(SSL *s,int mode) s->shutdown=mode; } -int SSL_get_shutdown(SSL *s) +int SSL_get_shutdown(const SSL *s) { return(s->shutdown); } -int SSL_version(SSL *s) +int SSL_version(const SSL *s) { return(s->version); } -SSL_CTX *SSL_get_SSL_CTX(SSL *ssl) +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return(ssl->ctx); } @@ -2353,12 +2359,12 @@ void SSL_set_info_callback(SSL *ssl, ssl->info_callback=cb; } -void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val) +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val) { return ssl->info_callback; } -int SSL_state(SSL *ssl) +int SSL_state(const SSL *ssl) { return(ssl->state); } @@ -2368,7 +2374,7 @@ void SSL_set_verify_result(SSL *ssl,long arg) ssl->verify_result=arg; } -long SSL_get_verify_result(SSL *ssl) +long SSL_get_verify_result(const SSL *ssl) { return(ssl->verify_result); } @@ -2385,7 +2391,7 @@ int SSL_set_ex_data(SSL *s,int idx,void *arg) return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); } -void *SSL_get_ex_data(SSL *s,int idx) +void *SSL_get_ex_data(const SSL *s,int idx) { return(CRYPTO_get_ex_data(&s->ex_data,idx)); } @@ -2402,7 +2408,7 @@ int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); } -void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx) +void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) { return(CRYPTO_get_ex_data(&s->ex_data,idx)); } @@ -2412,7 +2418,7 @@ int ssl_ok(SSL *s) return(1); } -X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx) +X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) { return(ctx->cert_store); } @@ -2424,7 +2430,7 @@ void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) ctx->cert_store=store; } -int SSL_want(SSL *s) +int SSL_want(const SSL *s) { return(s->rwstate); } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9c1fddd..6dac9d8 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -519,10 +519,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, STACK_OF(SSL_CIPHER) **sorted, const char *rule_str); void ssl_update_cache(SSL *s, int mode); -int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md, - SSL_COMP **comp); +int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, + const EVP_MD **md,SSL_COMP **comp); int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); int ssl_undefined_function(SSL *s); +int ssl_undefined_const_function(const SSL *s); X509 *ssl_get_server_send_cert(SSL *); EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); @@ -556,7 +557,7 @@ long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)()); long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); -int ssl2_pending(SSL *s); +int ssl2_pending(const SSL *s); SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); @@ -604,7 +605,7 @@ long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)()); long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); -int ssl3_pending(SSL *s); +int ssl3_pending(const SSL *s); int ssl23_accept(SSL *s); int ssl23_connect(SSL *s); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 85581d4..cf49fde 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -65,7 +65,7 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); -SSL_SESSION *SSL_get_session(SSL *ssl) +SSL_SESSION *SSL_get_session(const SSL *ssl) /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ { return(ssl->session); @@ -98,7 +98,7 @@ int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); } -void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx) +void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) { return(CRYPTO_get_ex_data(&s->ex_data,idx)); } @@ -616,13 +616,13 @@ long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) return(1); } -long SSL_SESSION_get_timeout(SSL_SESSION *s) +long SSL_SESSION_get_timeout(const SSL_SESSION *s) { if (s == NULL) return(0); return(s->timeout); } -long SSL_SESSION_get_time(SSL_SESSION *s) +long SSL_SESSION_get_time(const SSL_SESSION *s) { if (s == NULL) return(0); return(s->time); @@ -644,7 +644,7 @@ long SSL_CTX_set_timeout(SSL_CTX *s, long t) return(l); } -long SSL_CTX_get_timeout(SSL_CTX *s) +long SSL_CTX_get_timeout(const SSL_CTX *s) { if (s == NULL) return(0); return(s->session_timeout); diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index faea41c..fd0c55c 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -61,7 +61,7 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_FP_API -int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x) +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) { BIO *b; int ret; @@ -78,7 +78,7 @@ int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x) } #endif -int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) +int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { unsigned int i; const char *s; |