Type-checked (and modern C compliant) OBJ_bsearch.
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index d948691..bd28b75 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -175,9 +175,9 @@
* to explicitly list their SSL_* codes. Currently RC4 is the only one
* available, but if new ones emerge, they will have to be added...
*/
-SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
{
- SSL_CIPHER *ciph = ssl3_get_cipher(u);
+ const SSL_CIPHER *ciph = ssl3_get_cipher(u);
if (ciph != NULL)
{
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
index 88fb564..e3fce53 100644
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -74,7 +74,7 @@
);
}
-SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
{
unsigned int uu=ssl3_num_ciphers();
@@ -90,9 +90,10 @@
/* This function needs to check if the ciphers required are actually
* available */
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
{
- SSL_CIPHER c,*cp;
+ SSL_CIPHER c;
+ const SSL_CIPHER *cp;
unsigned long id;
int n;
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 25148d3..d93a2c7 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -121,7 +121,7 @@
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
/* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
+OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
#if 0
/* NULL_WITH_MD5 v3 */
{
@@ -303,7 +303,7 @@
return(SSL2_NUM_CIPHERS);
}
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
{
if (u < SSL2_NUM_CIPHERS)
return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
@@ -412,20 +412,22 @@
return(0);
}
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
+ ssl_cipher_id_cmp);
+
/* This function needs to check if the ciphers required are actually
* available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
{
- SSL_CIPHER c,*cp;
+ SSL_CIPHER c;
+ const SSL_CIPHER *cp;
unsigned long id;
id=0x02000000L|((unsigned long)p[0]<<16L)|
((unsigned long)p[1]<<8L)|(unsigned long)p[2];
c.id=id;
- cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
- (char *)ssl2_ciphers,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
- FP_ICC ssl_cipher_id_cmp);
+ cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers,
+ SSL2_NUM_CIPHERS, ssl_cipher_id_cmp);
if ((cp == NULL) || (cp->valid == 0))
return NULL;
else
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index 2bffa78..f0e8ca5 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -71,9 +71,9 @@
}
IMPLEMENT_ssl2_meth_func(SSLv2_method,
- ssl2_accept,
- ssl2_connect,
- ssl2_get_method)
+ ssl2_accept,
+ ssl2_connect,
+ ssl2_get_method)
#else /* !OPENSSL_NO_SSL2 */
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 6490d0b..b43a046 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -366,7 +366,7 @@
int is_export,i,n,keya,ek;
unsigned long len;
unsigned char *p;
- SSL_CIPHER *cp;
+ const SSL_CIPHER *cp;
const EVP_CIPHER *c;
const EVP_MD *md;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index e339dbc..aae1334 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -719,7 +719,7 @@
int ssl3_get_server_hello(SSL *s)
{
STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
unsigned char *p,*d;
int i,al,ok;
unsigned int j;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f09238f..7e89699 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2101,7 +2101,7 @@
return(SSL3_NUM_CIPHERS);
}
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
if (u < SSL3_NUM_CIPHERS)
return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -2786,17 +2786,16 @@
/* This function needs to check if the ciphers required are actually
* available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
- SSL_CIPHER c,*cp;
+ SSL_CIPHER c;
+ const SSL_CIPHER *cp;
unsigned long id;
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
c.id=id;
- cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
- (char *)ssl3_ciphers,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
- FP_ICC ssl_cipher_id_cmp);
+ cp = OBJ_bsearch(SSL_CIPHER, &c, SSL_CIPHER, ssl3_ciphers,
+ SSL3_NUM_CIPHERS, ssl_cipher_id_cmp);
if (cp == NULL || cp->valid == 0)
return NULL;
else
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index 6b39ce8..cdddb17 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -70,8 +70,8 @@
}
IMPLEMENT_ssl3_meth_func(SSLv3_method,
- ssl3_accept,
- ssl3_connect,
- ssl3_get_method)
+ ssl3_accept,
+ ssl3_connect,
+ ssl3_get_method)
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d3fdccd..f23f24b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -401,11 +401,11 @@
int (*ssl_dispatch_alert)(SSL *s);
long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
- SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+ const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
int (*ssl_pending)(const SSL *s);
int (*num_ciphers)(void);
- SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+ const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
const struct ssl_method_st *(*get_ssl_method)(int version);
long (*get_timeout)(void);
struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
@@ -483,7 +483,7 @@
int compress_meth; /* Need to lookup the method */
- SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
* the 'cipher' structure */
@@ -1431,7 +1431,7 @@
void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 646a8e6..56f17f6 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -465,7 +465,7 @@
int message_type;
/* used to hold the new cipher we are going to use */
- SSL_CIPHER *new_cipher;
+ const SSL_CIPHER *new_cipher;
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index c31d6e0..e60a490 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -207,7 +207,7 @@
typedef struct cipher_order_st
{
- SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
int active;
int dead;
struct cipher_order_st *next,*prev;
@@ -437,7 +437,7 @@
const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
{
int i;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
c=s->cipher;
if (c == NULL) return(0);
@@ -682,7 +682,7 @@
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
int i, co_list_num;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
/*
* We have num_of_ciphers descriptions compiled in, depending on the
@@ -745,7 +745,7 @@
}
}
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
int num_of_group_aliases,
unsigned long disabled_mkey, unsigned long disabled_auth,
unsigned long disabled_enc, unsigned long disabled_mac,
@@ -753,7 +753,7 @@
CIPHER_ORDER *head)
{
CIPHER_ORDER *ciph_curr;
- SSL_CIPHER **ca_curr;
+ const SSL_CIPHER **ca_curr;
int i;
unsigned long mask_mkey = ~disabled_mkey;
unsigned long mask_auth = ~disabled_auth;
@@ -823,7 +823,7 @@
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
- SSL_CIPHER *cp;
+ const SSL_CIPHER *cp;
int reverse = 0;
#ifdef CIPHER_DEBUG
@@ -999,7 +999,7 @@
static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
- SSL_CIPHER **ca_list)
+ const SSL_CIPHER **ca_list)
{
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *start, *buf;
@@ -1258,7 +1258,7 @@
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
- SSL_CIPHER **ca_list = NULL;
+ const SSL_CIPHER **ca_list = NULL;
/*
* Return with error if nothing to do.
@@ -1345,8 +1345,7 @@
*/
num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
- ca_list =
- (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+ ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
if (ca_list == NULL)
{
OPENSSL_free(co_list);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 203bce6..803894c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1348,7 +1348,7 @@
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
STACK_OF(SSL_CIPHER) **skp)
{
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
int i,n;
@@ -1751,7 +1751,7 @@
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
CERT_PKEY *cpk;
int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
@@ -1963,7 +1963,7 @@
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
{
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
@@ -2109,7 +2109,7 @@
return(c->pkeys[i].x509);
}
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
{
unsigned long alg_a;
CERT *c;
@@ -2547,7 +2547,7 @@
return(NULL);
}
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
if ((s->session != NULL) && (s->session->cipher != NULL))
return(s->session->cipher);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a499a16..ad69a71 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -577,7 +577,7 @@
#endif
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
@@ -784,6 +784,8 @@
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER,
+ ssl_cipher_id_cmp);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
@@ -803,9 +805,9 @@
int ssl_undefined_void_function(void);
int ssl_undefined_const_function(const SSL *s);
X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
void ssl_load_ciphers(void);
@@ -814,7 +816,7 @@
int ssl2_generate_key_material(SSL *s);
void ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
int ssl2_part_read(SSL *s, unsigned long f, int i);
int ssl2_do_write(SSL *s);
@@ -822,7 +824,7 @@
void ssl2_return_error(SSL *s,int reason);
void ssl2_write_error(SSL *s);
int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
int ssl2_new(SSL *s);
void ssl2_free(SSL *s);
int ssl2_accept(SSL *s);
@@ -839,7 +841,7 @@
int ssl2_pending(const SSL *s);
long ssl2_default_timeout(void );
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
void ssl3_init_finished_mac(SSL *s);
int ssl3_send_server_certificate(SSL *s);
@@ -858,7 +860,7 @@
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);
int ssl3_dispatch_alert(SSL *s);
@@ -899,12 +901,12 @@
long ssl3_default_timeout(void );
int ssl23_num_ciphers(void );
-SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
int ssl23_read(SSL *s, void *buf, int len);
int ssl23_peek(SSL *s, void *buf, int len);
int ssl23_write(SSL *s, const void *buf, int len);
int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
long ssl23_default_timeout(void );
long tls1_default_timeout(void);
@@ -934,7 +936,7 @@
void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
long dtls1_default_timeout(void);
-SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
/* some client-only functions */
@@ -1020,7 +1022,7 @@
int ssl_ok(SSL *s);
#ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
#endif
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index b20ab0f..c76f667 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -317,7 +317,7 @@
static void print_details(SSL *c_ssl, const char *prefix)
{
- SSL_CIPHER *ciph;
+ const SSL_CIPHER *ciph;
X509 *cert;
ciph=SSL_get_current_cipher(c_ssl);
@@ -2408,7 +2408,7 @@
{
int i = 0;
const SSL_METHOD *meth;
- SSL_CIPHER *ci, *tci = NULL;
+ const SSL_CIPHER *ci, *tci = NULL;
#ifndef OPENSSL_NO_SSL2
fprintf(stderr, "testing SSLv2 cipher list order: ");
