From 125a38fad9fc08cb9ac36925988c667d04fda993 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 20 Aug 2020 14:54:02 -0400 Subject: [PATCH] Const-correct various X509 functions. Actually making crypto/asn1 and crypto/x509 const-correct will be a tall order, between all the hidden caches, non-const ASN.1 macros, and ambiguity between mutable and immutable getters. But upstream const-corrected a number of things, so align with them. (In particular, it is not currently possible to usefully use a non-const X509_NAME.) I think I've gotten most of x509.h. I started going through x509v3.h, but all the conf bits take non-const char* pointers, which shows up in the public (but probably unused) X509V3_CONF_METHOD, so I've left it alone in this CL. For some reason, OpenSSL made X509_get_subject_name a const-to-non-const function but kept X509_get_serialNumber uniformly non-const while adding a uniformly const X509_get0_serialNumber. I've just mirrored this for compatibility's sake. Change-Id: Ia33a7576165cf2da5922807fc065f1f114b0f84c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42584 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/a_strex.c | 6 +-- crypto/x509/t_x509.c | 2 +- crypto/x509/x509_cmp.c | 9 +++- crypto/x509/x509_ext.c | 39 +++++++++-------- crypto/x509/x509_obj.c | 2 +- crypto/x509/x509_trs.c | 6 +-- crypto/x509/x509_v3.c | 6 +-- crypto/x509/x509name.c | 17 ++++---- crypto/x509v3/v3_genn.c | 4 +- crypto/x509v3/v3_info.c | 2 +- crypto/x509v3/v3_purp.c | 8 ++-- crypto/x509v3/v3_skey.c | 2 +- include/openssl/x509.h | 93 ++++++++++++++++++++++------------------ include/openssl/x509v3.h | 16 +++---- 14 files changed, 115 insertions(+), 97 deletions(-) diff --git a/crypto/x509/a_strex.c b/crypto/x509/a_strex.c index eeec5d15e..2c4824e5d 100644 --- a/crypto/x509/a_strex.c +++ b/crypto/x509/a_strex.c @@ -446,7 +446,7 @@ static int do_indent(char_io *io_ch, void *arg, int indent) #define FN_WIDTH_LN 25 #define FN_WIDTH_SN 10 -static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, +static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, unsigned long flags) { int i, prev = -1, orflags, cnt; @@ -584,7 +584,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, /* Wrappers round the main functions */ -int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags) { if (flags == XN_FLAG_COMPAT) @@ -593,7 +593,7 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, } #ifndef OPENSSL_NO_FP_API -int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags) { if (flags == XN_FLAG_COMPAT) { diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index e45a76596..5db8746c1 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -494,7 +494,7 @@ err: return 0; } -int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) { char *s, *c, *b; int ret = 0, l, i; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index cd025abca..92ed8715a 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -131,7 +131,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) return OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, 20); } -X509_NAME *X509_get_issuer_name(X509 *a) +X509_NAME *X509_get_issuer_name(const X509 *a) { return (a->cert_info->issuer); } @@ -146,7 +146,7 @@ unsigned long X509_issuer_name_hash_old(X509 *x) return (X509_NAME_hash_old(x->cert_info->issuer)); } -X509_NAME *X509_get_subject_name(X509 *a) +X509_NAME *X509_get_subject_name(const X509 *a) { return (a->cert_info->subject); } @@ -156,6 +156,11 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *a) return (a->cert_info->serialNumber); } +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509) +{ + return x509->cert_info->serialNumber; +} + unsigned long X509_subject_name_hash(X509 *x) { return (X509_NAME_hash(x->cert_info->subject)); diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index a329f6fab..a8f0ab684 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -62,27 +62,28 @@ #include #include -int X509_CRL_get_ext_count(X509_CRL *x) +int X509_CRL_get_ext_count(const X509_CRL *x) { return (X509v3_get_ext_count(x->crl->extensions)); } -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); } -int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos) { return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); } -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos) { return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); } -X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc) { return (X509v3_get_ext(x->crl->extensions, loc)); } @@ -92,7 +93,7 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) return (X509v3_delete_ext(x->crl->extensions, loc)); } -void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); } @@ -108,28 +109,28 @@ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); } -int X509_get_ext_count(X509 *x) +int X509_get_ext_count(const X509 *x) { return (X509v3_get_ext_count(x->cert_info->extensions)); } -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); } -int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos) { return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); } -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) { return (X509v3_get_ext_by_critical (x->cert_info->extensions, crit, lastpos)); } -X509_EXTENSION *X509_get_ext(X509 *x, int loc) +X509_EXTENSION *X509_get_ext(const X509 *x, int loc) { return (X509v3_get_ext(x->cert_info->extensions, loc)); } @@ -144,7 +145,7 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); } -void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); } @@ -156,28 +157,29 @@ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, flags); } -int X509_REVOKED_get_ext_count(X509_REVOKED *x) +int X509_REVOKED_get_ext_count(const X509_REVOKED *x) { return (X509v3_get_ext_count(x->extensions)); } -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); } -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, int lastpos) { return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); } -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos) { return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); } -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) { return (X509v3_get_ext(x->extensions, loc)); } @@ -192,7 +194,8 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); } -void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx) { return X509V3_get_d2i(x->extensions, nid, crit, idx); } diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 520b7a079..80d16c1a4 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -73,7 +73,7 @@ #define NAME_ONELINE_MAX (1024 * 1024) -char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) { X509_NAME_ENTRY *ne; size_t i; diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 019301ab8..d3002e831 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -260,17 +260,17 @@ void X509_TRUST_cleanup(void) trtable = NULL; } -int X509_TRUST_get_flags(X509_TRUST *xp) +int X509_TRUST_get_flags(const X509_TRUST *xp) { return xp->flags; } -char *X509_TRUST_get0_name(X509_TRUST *xp) +char *X509_TRUST_get0_name(const X509_TRUST *xp) { return xp->name; } -int X509_TRUST_get_trust(X509_TRUST *xp) +int X509_TRUST_get_trust(const X509_TRUST *xp) { return xp->trust; } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index ecbc0ddc0..7cfd6e935 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -181,7 +181,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit, - ASN1_OCTET_STRING *data) + const ASN1_OCTET_STRING *data) { const ASN1_OBJECT *obj; X509_EXTENSION *ret; @@ -197,7 +197,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data) + const ASN1_OCTET_STRING *data) { X509_EXTENSION *ret; @@ -242,7 +242,7 @@ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) return (1); } -int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) +int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data) { int i; diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index fbb76f0b0..0bf345941 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -66,7 +66,8 @@ #include "../internal.h" -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) +int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, char *buf, + int len) { const ASN1_OBJECT *obj; @@ -76,7 +77,7 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); } -int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len) { int i; @@ -94,14 +95,14 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, return (i); } -int X509_NAME_entry_count(X509_NAME *name) +int X509_NAME_entry_count(const X509_NAME *name) { if (name == NULL) return (0); return (sk_X509_NAME_ENTRY_num(name->entries)); } -int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos) { const ASN1_OBJECT *obj; @@ -112,7 +113,7 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) } /* NOTE: you should be passsing -1, not 0 as lastpos */ -int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, int lastpos) { int n; @@ -133,7 +134,7 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, return (-1); } -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) { if (name == NULL || loc < 0 || sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc) @@ -374,14 +375,14 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, return (1); } -ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) { if (ne == NULL) return (NULL); return (ne->object); } -ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) +ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) { if (ne == NULL) return (NULL); diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index 552a52443..57223b4a4 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -188,7 +188,7 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) a->type = type; } -void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype) +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype) { if (ptype) *ptype = a->type; @@ -233,7 +233,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, return 1; } -int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, ASN1_OBJECT **poid, ASN1_TYPE **pvalue) { if (gen->type != GEN_OTHERNAME) diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 7a48bd554..3615c71d5 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -208,7 +208,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD return NULL; } -int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a) { i2a_ASN1_OBJECT(bp, a->method); #ifdef UNDEF diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index e41b657fe..e77a3d1bb 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -307,22 +307,22 @@ void X509_PURPOSE_cleanup(void) xptable = NULL; } -int X509_PURPOSE_get_id(X509_PURPOSE *xp) +int X509_PURPOSE_get_id(const X509_PURPOSE *xp) { return xp->purpose; } -char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) { return xp->name; } -char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) { return xp->sname; } -int X509_PURPOSE_get_trust(X509_PURPOSE *xp) +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) { return xp->trust; } diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 6a16e78ef..8c628ecf2 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -77,7 +77,7 @@ const X509V3_EXT_METHOD v3_skey_id = { NULL }; -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *oct) { return x509v3_bytes_to_hex(oct->data, oct->length); } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 20c59225c..d4176314c 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -482,6 +482,9 @@ extern "C" { // version, or -1 on overflow. OPENSSL_EXPORT long X509_get_version(const X509 *x509); +// X509_get0_serialNumber returns |x509|'s serial number. +OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509); + // X509_get0_notBefore returns |x509|'s notBefore time. OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509); @@ -882,7 +885,7 @@ DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) #ifndef OPENSSL_NO_EVP OPENSSL_EXPORT X509_INFO *X509_INFO_new(void); OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); -OPENSSL_EXPORT char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); +OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, unsigned char *md, unsigned int *len); @@ -909,9 +912,9 @@ OPENSSL_EXPORT int X509_set_version(X509 *x, long version); OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x); OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name); -OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(X509 *a); +OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *a); OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name); -OPENSSL_EXPORT X509_NAME *X509_get_subject_name(X509 *a); +OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *a); OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x); OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); @@ -1016,12 +1019,12 @@ OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, OPENSSL_EXPORT int X509_print_fp(FILE *bp, X509 *x); OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp, X509_CRL *x); OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp, X509_REQ *req); -OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, - unsigned long flags); +OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, + int indent, unsigned long flags); #endif -OPENSSL_EXPORT int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); -OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, +OPENSSL_EXPORT int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, unsigned long cflag); @@ -1033,21 +1036,22 @@ OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req); -OPENSSL_EXPORT int X509_NAME_entry_count(X509_NAME *name); -OPENSSL_EXPORT int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, +OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name); +OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, char *buf, int len); -OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(X509_NAME *name, +OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); // NOTE: you should be passsing -1, not 0 as lastpos. The functions that use // lastpos, search after that position on. -OPENSSL_EXPORT int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, +OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); -OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(X509_NAME *name, +OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, + int loc); OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, @@ -1078,8 +1082,9 @@ OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); -OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object( + const X509_NAME_ENTRY *ne); +OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) * x); OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) * x, @@ -1097,59 +1102,63 @@ OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) * x, OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * X509v3_add_ext(STACK_OF(X509_EXTENSION) * *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT int X509_get_ext_count(X509 *x); -OPENSSL_EXPORT int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -OPENSSL_EXPORT int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(X509 *x, int loc); +OPENSSL_EXPORT int X509_get_ext_count(const X509 *x); +OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, + int lastpos); +OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit, + int lastpos); +OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc); OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); -OPENSSL_EXPORT int X509_CRL_get_ext_count(X509_CRL *x); -OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); -OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, - int lastpos); -OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, +OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x); +OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, + const ASN1_OBJECT *obj, int lastpos); +OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); +OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, +OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, unsigned long flags); -OPENSSL_EXPORT int X509_REVOKED_get_ext_count(X509_REVOKED *x); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, +OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, + int lastpos); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, + const ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, - ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, - int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, + int crit, int lastpos); +OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, + int loc); OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, +OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx); OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, unsigned long flags); OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID( - X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data); + X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data); OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ( X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data); + const ASN1_OCTET_STRING *data); OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex, - ASN1_OCTET_STRING *data); + const ASN1_OCTET_STRING *data); OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex); @@ -1236,9 +1245,9 @@ OPENSSL_EXPORT int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), char *name, int arg1, void *arg2); OPENSSL_EXPORT void X509_TRUST_cleanup(void); -OPENSSL_EXPORT int X509_TRUST_get_flags(X509_TRUST *xp); -OPENSSL_EXPORT char *X509_TRUST_get0_name(X509_TRUST *xp); -OPENSSL_EXPORT int X509_TRUST_get_trust(X509_TRUST *xp); +OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp); +OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp); +OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp); typedef struct rsa_pss_params_st { diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index b5db7157e..6e64778a0 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -558,17 +558,17 @@ DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) OPENSSL_EXPORT int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); -OPENSSL_EXPORT void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +OPENSSL_EXPORT void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); OPENSSL_EXPORT int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, ASN1_OBJECT *oid, ASN1_TYPE *value); -OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, +OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, ASN1_OBJECT **poid, ASN1_TYPE **pvalue); -OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); +OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *ia5); OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) -OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); +OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a); DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) DECLARE_ASN1_FUNCTIONS(POLICYINFO) @@ -691,11 +691,11 @@ OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id); OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags, int (*ck)(const X509_PURPOSE *, const X509 *, int), char *name, char *sname, void *arg); -OPENSSL_EXPORT char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); -OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); -OPENSSL_EXPORT int X509_PURPOSE_get_trust(X509_PURPOSE *xp); +OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); OPENSSL_EXPORT void X509_PURPOSE_cleanup(void); -OPENSSL_EXPORT int X509_PURPOSE_get_id(X509_PURPOSE *); +OPENSSL_EXPORT int X509_PURPOSE_get_id(const X509_PURPOSE *); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);