From cbb96b4ffd29b7fd280b04f59790cf9b060bc7bc Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sun, 4 Jun 2023 12:50:39 -0400
Subject: [PATCH] Const-correct a few X509_PURPOSE and X509_TRUST functions
These bits need more work (and possibly some removal) as they're very, very far from thread-safe, but rust-openssl relies on them being const-correct when targetting OpenSSL 1.1.x.
Change-Id: I60531c7e90dbdbcb79c09fc440bd7c6b474172df
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60607
Auto-Submit: David Benjamin
Commit-Queue: David Benjamin
Reviewed-by: Bob Beck
Commit-Queue: Bob Beck
---
 crypto/x509/x509_trs.c | 2 +-
 crypto/x509v3/v3_purp.c | 10 ++++------
 include/openssl/x509.h | 2 +-
 include/openssl/x509v3.h | 5 +++--
 4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 13e5eca0e..71cf71dcc 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -168,7 +168,7 @@ int X509_TRUST_set(int *t, int trust) {
 }
 int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
- char *name, int arg1, void *arg2) {
+ const char *name, int arg1, void *arg2) {
 int idx;
 X509_TRUST *trtmp;
 char *name_dup;
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 34ce33e27..1f5a88cdf 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -177,10 +177,9 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx) {
 return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
 }
-int X509_PURPOSE_get_by_sname(char *sname) {
- int i;
+int X509_PURPOSE_get_by_sname(const char *sname) {
 X509_PURPOSE *xptmp;
- for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+ for (int i = 0; i < X509_PURPOSE_get_count(); i++) {
 xptmp = X509_PURPOSE_get0(i);
 if (!strcmp(xptmp->sname, sname)) {
 return i;
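Review bot: `X509_TRUST_add` in crypto/x509/x509_trs.c gets an OpenSSL-compatible signature but still no comment telling callers that it edits shared trust state without locking, which the commit message itself describes as very far from thread-safe. Since the stated reason for the change is to let bindings call this API, I would put the constraint where they will read it, e.g. `// X509_TRUST_add modifies a table shared by the whole process and takes no lock. Do not call it while another thread may be verifying certificates.` The same comment is needed on `X509_PURPOSE_add` in crypto/x509v3/v3_purp.c and on both declarations in include/openssl/x509.h and include/openssl/x509v3.h. That the table is process-wide is inferred from the commit message and from `xptable` in the v3_purp.c context lines; the body of `X509_TRUST_add` lies outside the hunk.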
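Review bot: `strcmp(xptmp->sname, sname)` in `X509_PURPOSE_get_by_sname` dereferences both the caller's `sname` and the entry returned by `X509_PURPOSE_get0(i)` with no NULL check visible in the hunk, so a NULL from a caller is undefined behaviour rather than a failed lookup. A guard before the loop, `if (sname == NULL) { return -1; }`, would turn it into a miss, assuming -1 is also what the function returns when nothing matches (the end of the function is outside the hunk; `X509_PURPOSE_add` tests `idx == -1` for the by-id lookup). In the same spirit as moving `i` into the `for`, `xptmp` can be declared where it is assigned and made const: `const X509_PURPOSE *xptmp = X509_PURPOSE_get0(i);`.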
@@ -209,8 +208,7 @@ int X509_PURPOSE_get_by_id(int purpose) {
 int X509_PURPOSE_add(int id, int trust, int flags,
 int (*ck)(const X509_PURPOSE *, const X509 *, int),
- char *name, char *sname, void *arg) {
- int idx;
+ const char *name, const char *sname, void *arg) {
 X509_PURPOSE *ptmp;
 char *name_dup, *sname_dup;
@@ -219,7 +217,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
 // This will always be set for application modified trust entries
 flags |= X509_PURPOSE_DYNAMIC_NAME;
 // Get existing entry if any
- idx = X509_PURPOSE_get_by_id(id);
+ int idx = X509_PURPOSE_get_by_id(id);
 // Need a new entry
 if (idx == -1) {
 if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index b2ac3db8c..c41b3a5c3 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -2529,7 +2529,7 @@ OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx);
 OPENSSL_EXPORT int X509_TRUST_get_by_id(int id);
 OPENSSL_EXPORT int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
- char *name, int arg1, void *arg2);
+ const char *name, int arg1, void *arg2);
 OPENSSL_EXPORT void X509_TRUST_cleanup(void);
 OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
 OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index f5ea41354..2a2e02c2e 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
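Review bot: With `name` and `sname` now `const char *`, nothing at the definition of `X509_PURPOSE_add` says whether the strings are copied or whether the caller must keep them alive, and for a binding that passes temporary buffers the wrong guess leaves a dangling pointer in the purpose table. `name_dup` and `sname_dup` suggest both are duplicated, but that code is below the hunk, so please confirm and state it: `// |name| and |sname| are copied; the caller keeps ownership of both.` I would also initialise the two pointers at their declaration, `char *name_dup = NULL, *sname_dup = NULL;`, so that any failure path can free them unconditionally. The `name` parameter of `X509_TRUST_add` in crypto/x509/x509_trs.c wants the same comment.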
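Review bot: The getters next to the changed declaration in include/openssl/x509.h still return a writable `char *` from a const object: `X509_TRUST_get0_name` here, and `X509_PURPOSE_get0_name` and `X509_PURPOSE_get0_sname` in include/openssl/x509v3.h. The commit const-corrects what goes into the tables but leaves what comes out writable, so a caller can alter a name that is presumably held inside the library (the `get0` naming suggests internal storage; the definitions are not in this patch). If the return type has to stay for compatibility with OpenSSL 1.1.x, which I have not checked, a comment on each declaration would do, e.g. `// The returned string belongs to |xp| and must not be modified or freed.`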
@@ -906,12 +906,13 @@ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509);
 OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
 OPENSSL_EXPORT X509_PURPOSE *X509_PURPOSE_get0(int idx);
-OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname);
+OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(const char *sname);
 OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id);
 OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags, int (*ck)(const X509_PURPOSE *, const X509 *, int),
- char *name, char *sname, void *arg);
+ const char *name, const char *sname,
+ void *arg);
 OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
 OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
 OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);