Type-checked (and modern C compliant) OBJ_bsearch.
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d948691..bd28b75 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c
@@ -175,9 +175,9 @@ * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ -SSL_CIPHER *dtls1_get_cipher(unsigned int u) +const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { - SSL_CIPHER *ciph = ssl3_get_cipher(u); + const SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) {
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 88fb564..e3fce53 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c
@@ -74,7 +74,7 @@ ); } -SSL_CIPHER *ssl23_get_cipher(unsigned int u) +const SSL_CIPHER *ssl23_get_cipher(unsigned int u) { unsigned int uu=ssl3_num_ciphers(); @@ -90,9 +90,10 @@ /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; int n;
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 25148d3..d93a2c7 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c
@@ -121,7 +121,7 @@ #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) /* list of available SSLv2 ciphers (sorted by id) */ -OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ +OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={ #if 0 /* NULL_WITH_MD5 v3 */ { @@ -303,7 +303,7 @@ return(SSL2_NUM_CIPHERS); } -SSL_CIPHER *ssl2_get_cipher(unsigned int u) +const SSL_CIPHER *ssl2_get_cipher(unsigned int u) { if (u < SSL2_NUM_CIPHERS) return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); @@ -412,20 +412,22 @@ return(0); } +IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER, + ssl_cipher_id_cmp); + /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; id=0x02000000L|((unsigned long)p[0]<<16L)| ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; - cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, - (char *)ssl2_ciphers, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), - FP_ICC ssl_cipher_id_cmp); + cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers, + SSL2_NUM_CIPHERS, ssl_cipher_id_cmp); if ((cp == NULL) || (cp->valid == 0)) return NULL; else
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index 2bffa78..f0e8ca5 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c
@@ -71,9 +71,9 @@ } IMPLEMENT_ssl2_meth_func(SSLv2_method, - ssl2_accept, - ssl2_connect, - ssl2_get_method) + ssl2_accept, + ssl2_connect, + ssl2_get_method) #else /* !OPENSSL_NO_SSL2 */
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 6490d0b..b43a046 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c
@@ -366,7 +366,7 @@ int is_export,i,n,keya,ek; unsigned long len; unsigned char *p; - SSL_CIPHER *cp; + const SSL_CIPHER *cp; const EVP_CIPHER *c; const EVP_MD *md;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e339dbc..aae1334 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c
@@ -719,7 +719,7 @@ int ssl3_get_server_hello(SSL *s) { STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; + const SSL_CIPHER *c; unsigned char *p,*d; int i,al,ok; unsigned int j;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f09238f..7e89699 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -2101,7 +2101,7 @@ return(SSL3_NUM_CIPHERS); } -SSL_CIPHER *ssl3_get_cipher(unsigned int u) +const SSL_CIPHER *ssl3_get_cipher(unsigned int u) { if (u < SSL3_NUM_CIPHERS) return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); @@ -2786,17 +2786,16 @@ /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; c.id=id; - cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, - (char *)ssl3_ciphers, - SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), - FP_ICC ssl_cipher_id_cmp); + cp = OBJ_bsearch(SSL_CIPHER, &c, SSL_CIPHER, ssl3_ciphers, + SSL3_NUM_CIPHERS, ssl_cipher_id_cmp); if (cp == NULL || cp->valid == 0) return NULL; else
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c index 6b39ce8..cdddb17 100644 --- a/ssl/s3_meth.c +++ b/ssl/s3_meth.c
@@ -70,8 +70,8 @@ } IMPLEMENT_ssl3_meth_func(SSLv3_method, - ssl3_accept, - ssl3_connect, - ssl3_get_method) + ssl3_accept, + ssl3_connect, + ssl3_get_method)
diff --git a/ssl/ssl.h b/ssl/ssl.h index d3fdccd..f23f24b 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h
@@ -401,11 +401,11 @@ int (*ssl_dispatch_alert)(SSL *s); long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); - SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); + const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); int (*ssl_pending)(const SSL *s); int (*num_ciphers)(void); - SSL_CIPHER *(*get_cipher)(unsigned ncipher); + const SSL_CIPHER *(*get_cipher)(unsigned ncipher); const struct ssl_method_st *(*get_ssl_method)(int version); long (*get_timeout)(void); struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ @@ -483,7 +483,7 @@ int compress_meth; /* Need to lookup the method */ - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this * needs to be used to load * the 'cipher' structure */ @@ -1431,7 +1431,7 @@ void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); -SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 646a8e6..56f17f6 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h
@@ -465,7 +465,7 @@ int message_type; /* used to hold the new cipher we are going to use */ - SSL_CIPHER *new_cipher; + const SSL_CIPHER *new_cipher; #ifndef OPENSSL_NO_DH DH *dh; #endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c31d6e0..e60a490 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c
@@ -207,7 +207,7 @@ typedef struct cipher_order_st { - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; int active; int dead; struct cipher_order_st *next,*prev; @@ -437,7 +437,7 @@ const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) { int i; - SSL_CIPHER *c; + const SSL_CIPHER *c; c=s->cipher; if (c == NULL) return(0); @@ -682,7 +682,7 @@ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { int i, co_list_num; - SSL_CIPHER *c; + const SSL_CIPHER *c; /* * We have num_of_ciphers descriptions compiled in, depending on the @@ -745,7 +745,7 @@ } } -static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, +static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, unsigned long disabled_mkey, unsigned long disabled_auth, unsigned long disabled_enc, unsigned long disabled_mac, @@ -753,7 +753,7 @@ CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; - SSL_CIPHER **ca_curr; + const SSL_CIPHER **ca_curr; int i; unsigned long mask_mkey = ~disabled_mkey; unsigned long mask_auth = ~disabled_auth; @@ -823,7 +823,7 @@ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *curr2, *last; - SSL_CIPHER *cp; + const SSL_CIPHER *cp; int reverse = 0; #ifdef CIPHER_DEBUG @@ -999,7 +999,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, - SSL_CIPHER **ca_list) + const SSL_CIPHER **ca_list) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; const char *l, *start, *buf; @@ -1258,7 +1258,7 @@ STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; - SSL_CIPHER **ca_list = NULL; + const SSL_CIPHER **ca_list = NULL; /* * Return with error if nothing to do. @@ -1345,8 +1345,7 @@ */ num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = - (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); + ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); if (ca_list == NULL) { OPENSSL_free(co_list);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 203bce6..803894c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1348,7 +1348,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp) { - SSL_CIPHER *c; + const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; @@ -1751,7 +1751,7 @@ X509_VERIFY_PARAM_set_depth(ctx->param, depth); } -void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) +void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; @@ -1963,7 +1963,7 @@ #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) { unsigned long alg_k, alg_a; EVP_PKEY *pkey = NULL; @@ -2109,7 +2109,7 @@ return(c->pkeys[i].x509); } -EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) +EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher) { unsigned long alg_a; CERT *c; @@ -2547,7 +2547,7 @@ return(NULL); } -SSL_CIPHER *SSL_get_current_cipher(const SSL *s) +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL)) return(s->session->cipher);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a499a16..ad69a71 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -577,7 +577,7 @@ #endif extern SSL3_ENC_METHOD ssl3_undef_enc_method; -OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; +OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; @@ -784,6 +784,8 @@ int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); +DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER, + ssl_cipher_id_cmp); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, @@ -803,9 +805,9 @@ int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); X509 *ssl_get_server_send_cert(SSL *); -EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); +EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); +void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); @@ -814,7 +816,7 @@ int ssl2_generate_key_material(SSL *s); void ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); -SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); int ssl2_part_read(SSL *s, unsigned long f, int i); int ssl2_do_write(SSL *s); @@ -822,7 +824,7 @@ void ssl2_return_error(SSL *s,int reason); void ssl2_write_error(SSL *s); int ssl2_num_ciphers(void); -SSL_CIPHER *ssl2_get_cipher(unsigned int u); +const SSL_CIPHER *ssl2_get_cipher(unsigned int u); int ssl2_new(SSL *s); void ssl2_free(SSL *s); int ssl2_accept(SSL *s); @@ -839,7 +841,7 @@ int ssl2_pending(const SSL *s); long ssl2_default_timeout(void ); -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); @@ -858,7 +860,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); int ssl3_num_ciphers(void); -SSL_CIPHER *ssl3_get_cipher(unsigned int u); +const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); int ssl3_dispatch_alert(SSL *s); @@ -899,12 +901,12 @@ long ssl3_default_timeout(void ); int ssl23_num_ciphers(void ); -SSL_CIPHER *ssl23_get_cipher(unsigned int u); +const SSL_CIPHER *ssl23_get_cipher(unsigned int u); int ssl23_read(SSL *s, void *buf, int len); int ssl23_peek(SSL *s, void *buf, int len); int ssl23_write(SSL *s, const void *buf, int len); int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); long ssl23_default_timeout(void ); long tls1_default_timeout(void); @@ -934,7 +936,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); -SSL_CIPHER *dtls1_get_cipher(unsigned int u); +const SSL_CIPHER *dtls1_get_cipher(unsigned int u); /* some client-only functions */ @@ -1020,7 +1022,7 @@ int ssl_ok(SSL *s); #ifndef OPENSSL_NO_ECDH -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs); #endif SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
diff --git a/ssl/ssltest.c b/ssl/ssltest.c index b20ab0f..c76f667 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c
@@ -317,7 +317,7 @@ static void print_details(SSL *c_ssl, const char *prefix) { - SSL_CIPHER *ciph; + const SSL_CIPHER *ciph; X509 *cert; ciph=SSL_get_current_cipher(c_ssl); @@ -2408,7 +2408,7 @@ { int i = 0; const SSL_METHOD *meth; - SSL_CIPHER *ci, *tci = NULL; + const SSL_CIPHER *ci, *tci = NULL; #ifndef OPENSSL_NO_SSL2 fprintf(stderr, "testing SSLv2 cipher list order: ");