The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;
X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).
Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6a09d6a..1977707 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -69,7 +69,7 @@
static int ssl3_client_hello(SSL *s);
static int ssl3_get_server_hello(SSL *s);
static int ssl3_get_certificate_request(SSL *s);
-static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
+static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
static int ssl3_get_server_done(SSL *s);
static int ssl3_send_client_verify(SSL *s);
static int ssl3_send_client_certificate(SSL *s);
@@ -1275,7 +1275,7 @@
return(ret);
}
-static int ca_dn_cmp(X509_NAME **a, X509_NAME **b)
+static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a,*b));
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index e134e6f..fc8b8a7 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -568,7 +568,7 @@
return(add_client_CA(&(ctx->client_CA),x));
}
-static int xname_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a,*b));
}
@@ -649,7 +649,7 @@
X509 *x=NULL;
X509_NAME *xn=NULL;
int ret=1;
- int (*oldcmp)(X509_NAME **a, X509_NAME **b);
+ int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index a5b2b97..817b6b3 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1037,7 +1037,8 @@
return(NULL);
}
-static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b)
+static int sk_comp_cmp(const SSL_COMP * const *a,
+ const SSL_COMP * const *b)
{
return((*a)->id-(*b)->id);
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c515c41..f4eb35b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -874,7 +874,7 @@
}
}
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
long l;
@@ -885,7 +885,8 @@
return((l > 0)?1:-1);
}
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+ const SSL_CIPHER * const *bp)
{
long l;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 9a52bab..d70fff4 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -423,8 +423,9 @@
int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+ const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
STACK_OF(SSL_CIPHER) **skp);
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
