replace 'unsigned const char' with 'const unsigned char' The openssl code base has only a few occurrences of 'unsigned const char' (15 occurrences), compared to the more common 'const unsigned char' (4420 occurrences). While the former is not illegal C, mixing the 'const' keyword (a 'type qualifier') in between 'unsigned' and 'char' (both 'type specifiers') is a bit odd. The background for writing this patch is not to be pedantic, but because the 'opmock' program (used to mock headers for unit tests) does not accept the 'unsigned const char' construct. While this definitely is a bug in opmock or one of its dependencies, openssl is the only piece of software we are using in combination with opmock that has this construct. CLA: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13722)
diff --git a/apps/passwd.c b/apps/passwd.c index c392544..6673040 100644 --- a/apps/passwd.c +++ b/apps/passwd.c
@@ -22,7 +22,7 @@ #include <openssl/md5.h> #include <openssl/sha.h> -static unsigned const char cov_2char[64] = { +static const unsigned char cov_2char[64] = { /* from crypto/des/fcrypt.c */ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, @@ -413,7 +413,7 @@ if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) goto err; if (!EVP_DigestUpdate(md2, - (i & 1) ? (unsigned const char *)passwd : buf, + (i & 1) ? (const unsigned char *)passwd : buf, (i & 1) ? passwd_len : sizeof(buf))) goto err; if (i % 3) { @@ -425,7 +425,7 @@ goto err; } if (!EVP_DigestUpdate(md2, - (i & 1) ? buf : (unsigned const char *)passwd, + (i & 1) ? buf : (const unsigned char *)passwd, (i & 1) ? sizeof(buf) : passwd_len)) goto err; if (!EVP_DigestFinal_ex(md2, buf, NULL)) @@ -627,7 +627,7 @@ n = passwd_len; while (n) { if (!EVP_DigestUpdate(md, - (n & 1) ? buf : (unsigned const char *)passwd, + (n & 1) ? buf : (const unsigned char *)passwd, (n & 1) ? buf_size : passwd_len)) goto err; n >>= 1; @@ -673,7 +673,7 @@ if (!EVP_DigestInit_ex(md2, sha, NULL)) goto err; if (!EVP_DigestUpdate(md2, - (n & 1) ? (unsigned const char *)p_bytes : buf, + (n & 1) ? (const unsigned char *)p_bytes : buf, (n & 1) ? passwd_len : buf_size)) goto err; if (n % 3) { @@ -685,7 +685,7 @@ goto err; } if (!EVP_DigestUpdate(md2, - (n & 1) ? buf : (unsigned const char *)p_bytes, + (n & 1) ? buf : (const unsigned char *)p_bytes, (n & 1) ? buf_size : passwd_len)) goto err; if (!EVP_DigestFinal_ex(md2, buf, NULL))
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index 0b181fd..190a44d 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c
@@ -31,7 +31,7 @@ * Added more values to handle illegal salt values the way normal crypt() * implementations do. */ -static unsigned const char con_salt[128] = { +static const unsigned char con_salt[128] = { 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, @@ -50,7 +50,7 @@ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, }; -static unsigned const char cov_2char[64] = { +static const unsigned char cov_2char[64] = { 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod index e886325..72fd1bf 100644 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod
@@ -18,10 +18,10 @@ uint8_t mtype, uint8_t ord); int SSL_dane_enable(SSL *s, const char *basedomain); int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned const char *data, size_t dlen); + uint8_t mtype, const unsigned char *data, size_t dlen); int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, - uint8_t *mtype, unsigned const char **data, + uint8_t *mtype, const unsigned char **data, size_t *dlen); unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 4e5d50b..0025a2a 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in
@@ -1810,10 +1810,10 @@ uint8_t mtype, uint8_t ord); __owur int SSL_dane_enable(SSL *s, const char *basedomain); __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned const char *data, size_t dlen); + uint8_t mtype, const unsigned char *data, size_t dlen); __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, - uint8_t *mtype, unsigned const char **data, + uint8_t *mtype, const unsigned char **data, size_t *dlen); /* * Bridge opacity barrier between libcrypt and libssl, also needed to support
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d14d581..a8a1416 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -269,7 +269,7 @@ static int dane_tlsa_add(SSL_DANE *dane, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned const char *data, size_t dlen) + uint8_t mtype, const unsigned char *data, size_t dlen) { danetls_record *t; const EVP_MD *md = NULL; @@ -1099,7 +1099,7 @@ } int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, - uint8_t *mtype, unsigned const char **data, size_t *dlen) + uint8_t *mtype, const unsigned char **data, size_t *dlen) { SSL_DANE *dane = &s->dane; @@ -1126,7 +1126,7 @@ } int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned const char *data, size_t dlen) + uint8_t mtype, const unsigned char *data, size_t dlen) { return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); }