authorRichard Levitte <levitte@openssl.org>2005-04-05 06:43:24 +0000
committerRichard Levitte <levitte@openssl.org>2005-04-05 06:43:24 +0000
commit49d35083ca3deefabe362c2f3ee1b6f6e700bee8 (patch)
tree60ba25fa21ba56b87c1ca3aa900f0ecef4f0d005
parent15c49e2df22e4af71046ba98c5f3d8ce48c020ee (diff)
Recent changes from 0.9.7-stable.
I'm about to test that this is interchangeable with "normal" 0.9.7-stable.
-rw-r--r--CHANGES7
-rwxr-xr-xConfigure10
-rw-r--r--FAQ19
-rw-r--r--NEWS8
-rw-r--r--README4
-rw-r--r--STATUS4
-rw-r--r--TABLE50
-rwxr-xr-xconfig11
-rw-r--r--crypto/asn1/a_print.c2
-rw-r--r--crypto/asn1/asn1.h2
-rw-r--r--crypto/bn/Makefile1
-rw-r--r--crypto/bn/asm/x86_64-gcc.c54
-rw-r--r--crypto/evp/Makefile2
-rw-r--r--crypto/evp/e_null.c2
-rw-r--r--crypto/opensslv.h6
-rw-r--r--crypto/perlasm/x86nasm.pl7
-rw-r--r--crypto/pkcs7/pk7_lib.c1
-rw-r--r--crypto/rand/rand_win.c2
-rw-r--r--crypto/rc4/Makefile2
-rw-r--r--crypto/x509/x509.h10
-rw-r--r--crypto/x509/x509name.c10
-rw-r--r--doc/crypto/EVP_SealInit.pod5
-rw-r--r--doc/crypto/EVP_SignInit.pod9
-rw-r--r--doc/crypto/X509_NAME_ENTRY_get_object.pod6
-rw-r--r--doc/crypto/X509_NAME_add_entry_by_txt.pod6
-rw-r--r--doc/ssl/SSL_CIPHER_get_name.pod6
-rw-r--r--doc/ssl/SSL_CTX_get_ex_new_index.pod2
-rw-r--r--doc/ssl/SSL_CTX_get_verify_mode.pod12
-rw-r--r--doc/ssl/SSL_CTX_set_cert_store.pod2
-rw-r--r--doc/ssl/SSL_CTX_set_info_callback.pod4
-rw-r--r--doc/ssl/SSL_CTX_set_options.pod2
-rw-r--r--doc/ssl/SSL_CTX_set_quiet_shutdown.pod4
-rw-r--r--doc/ssl/SSL_CTX_use_certificate.pod4
-rw-r--r--doc/ssl/SSL_SESSION_get_ex_new_index.pod2
-rw-r--r--doc/ssl/SSL_SESSION_get_time.pod8
-rw-r--r--doc/ssl/SSL_get_SSL_CTX.pod2
-rw-r--r--doc/ssl/SSL_get_ciphers.pod4
-rw-r--r--doc/ssl/SSL_get_client_CA_list.pod4
-rw-r--r--doc/ssl/SSL_get_current_cipher.pod2
-rw-r--r--doc/ssl/SSL_get_default_timeout.pod2
-rw-r--r--doc/ssl/SSL_get_error.pod2
-rw-r--r--doc/ssl/SSL_get_ex_new_index.pod2
-rw-r--r--doc/ssl/SSL_get_fd.pod6
-rw-r--r--doc/ssl/SSL_get_peer_cert_chain.pod2
-rw-r--r--doc/ssl/SSL_get_peer_certificate.pod2
-rw-r--r--doc/ssl/SSL_get_session.pod4
-rw-r--r--doc/ssl/SSL_get_verify_result.pod2
-rw-r--r--doc/ssl/SSL_get_version.pod2
-rw-r--r--doc/ssl/SSL_pending.pod2
-rw-r--r--doc/ssl/SSL_set_shutdown.pod2
-rw-r--r--doc/ssl/SSL_state_string.pod4
-rw-r--r--doc/ssl/SSL_want.pod10
-rw-r--r--doc/ssl/d2i_SSL_SESSION.pod2
-rw-r--r--doc/ssl/ssl.pod110
-rw-r--r--fips/fingerprint.sha12
-rw-r--r--fips/fips.c1
-rw-r--r--openssl.spec2
-rw-r--r--ssl/s23_lib.c2
-rw-r--r--ssl/s2_lib.c2
-rw-r--r--ssl/s3_lib.c8
-rw-r--r--ssl/ssl.h116
-rw-r--r--ssl/ssl_asn1.c8
-rw-r--r--ssl/ssl_cert.c4
-rw-r--r--ssl/ssl_ciph.c8
-rw-r--r--ssl/ssl_err.c1
-rw-r--r--ssl/ssl_lib.c90
-rw-r--r--ssl/ssl_locl.h9
-rw-r--r--ssl/ssl_rsa.c2
-rw-r--r--ssl/ssl_sess.c10
-rw-r--r--ssl/ssl_txt.c4
70 files changed, 426 insertions, 295 deletions
diff --git a/CHANGES b/CHANGES
index 5d55f57e2c..619684e186 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,12 @@
OpenSSL CHANGES
_______________
- Changes between 0.9.7e and 0.9.7f [XX xxx XXXX]
+ Changes between 0.9.7f and 0.9.7g [XX xxx XXXX]
+
+ *) Undo Cygwin change.
+ [Ulf Möller]
+
+ Changes between 0.9.7e and 0.9.7f [22 Mar 2005]
*) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
server and client random values. Previously
diff --git a/Configure b/Configure
index a83c5d406c..3b7bcb5d83 100755
--- a/Configure
+++ b/Configure
@@ -169,9 +169,19 @@ my %table=(
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
# error message.
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -shared -static-libgcc might appear controversial, but modules taken
+# from static libgcc do not have relocations and linking them into our
+# shared objects doesn't have any negative side-effects. On the contrary,
+# doing so makes it possible to use gcc shared build with Sun C. Given
+# that gcc generates faster code [thanks to inline assembler], I would
+# actually recommend to consider using gcc shared build even with vendor
+# compiler:-)
+# <appro@fy.chalmers.se>
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/FAQ b/FAQ
index b695c4490c..eb40ca1677 100644
--- a/FAQ
+++ b/FAQ
@@ -70,7 +70,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7e was released on October 25, 2004.
+OpenSSL 0.9.7f was released on March 22, 2005.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -792,9 +792,20 @@ that is allocated when an application starts up. Since such tables do not grow
in size over time they are harmless.
These internal tables can be freed up when an application closes using various
-functions. Currently these include: EVP_cleanup(), ERR_remove_state(),
-ERR_free_strings(), ENGINE_cleanup(), CONF_modules_unload() and
-CRYPTO_cleanup_all_ex_data().
+functions. Currently these include following:
+
+Thread-local cleanup functions:
+
+ ERR_remove_state()
+
+Application-global cleanup functions that are aware of usage (and therefore
+thread-safe):
+
+ ENGINE_cleanup() and CONF_modules_unload()
+
+"Brutal" (thread-unsafe) Application-global cleanup functions:
+
+ ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
===============================================================================
diff --git a/NEWS b/NEWS
index 496f59de41..c6fb7566df 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
+
+ o Several compilation issues fixed.
+ o Many memory allocation failure checks added.
+ o Improved comparison of X509 Name type.
+ o Mandatory basic checks on certificates.
+ o Performance improvements.
+
Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
o Fix race condition in CRL checking code.
diff --git a/README b/README
index 4d0cd83be6..048db7d74f 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.7e 25 Oct 2004
+ OpenSSL 0.9.7f 22 March 2005
- Copyright (c) 1998-2004 The OpenSSL Project
+ Copyright (c) 1998-2005 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/STATUS b/STATUS
index b62dda74be..8ebfbd67f8 100644
--- a/STATUS
+++ b/STATUS
@@ -1,10 +1,12 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 2004/03/17 12:01:16 $
+ ______________ $Date: 2005/04/05 06:43:12 $
DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development...
+ o OpenSSL 0.9.7f: Released on March 22nd, 2005
+ o OpenSSL 0.9.7e: Released on October 25th, 2004
o OpenSSL 0.9.7d: Released on March 17th, 2004
o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003
diff --git a/TABLE b/TABLE
index dda6b50159..eb5600203d 100644
--- a/TABLE
+++ b/TABLE
@@ -4175,6 +4175,56 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
+*** solaris64-x86_64-cc
+$cc = cc
+$cflags = -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN
+$unistd =
+$thread_cflag = -D_REENTRANT
+$sys_id =
+$lflags = -lsocket -lnsl -ldl
+$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = -xarch=amd64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib =
+$arflags =
+
+*** solaris64-x86_64-gcc
+$cc = gcc
+$cflags = -m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int
+$unistd =
+$thread_cflag = -D_REENTRANT
+$sys_id =
+$lflags = -lsocket -lnsl -ldl
+$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
+$bn_obj = asm/x86_64-gcc.o
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj = asm/rc4-amd64.o
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64 -shared -static-libgcc
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib =
+$arflags =
+
*** sunos-gcc
$cc = gcc
$cflags = -O3 -mv8 -Dssize_t=int
diff --git a/config b/config
index d8d2ca5b67..bee3586a91 100755
--- a/config
+++ b/config
@@ -442,7 +442,7 @@ if [ "$SYSTEM" = "SunOS" ]; then
egrep -e '^cc: .* C [0-9]\.[0-9]' | \
sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
CCVER=${CCVER:-0}
- if [ $CCVER -gt 40 ]; then
+ if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
CC=cc # overrides gcc!!!
if [ $CCVER -eq 50 ]; then
echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
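Review bot: `$MACHINE` is expanded unquoted in the new test, so an empty value or one containing whitespace would make `[ $MACHINE != i86pc -a $CCVER -gt 40 ]` a malformed expression, and the compiler choice would then fall through without the override. Writing it as `if [ "$MACHINE" != i86pc ] && [ "$CCVER" -gt 40 ]; then` keeps the same logic and avoids the obsolescent `-a` operator. Where MACHINE is assigned is not visible in this hunk, and the `if` block continues past its end.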
@@ -654,7 +654,14 @@ EOF
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
- *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
+ *86*-*-solaris2)
+ ISA64=`(isalist) 2>/dev/null | grep amd64`
+ if [ "$ISA64" != "" ]; then
+ OUT="solaris64-x86_64-$CC"
+ else
+ OUT="solaris-x86-$CC"
+ fi
+ ;;
*-*-sunos4) OUT="sunos-$CC" ;;
alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
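Review bot: The new `*86*-*-solaris2)` branch picks the 64-bit target from what the running host reports through `isalist`, not from what the selected compiler can produce. A machine that lists amd64 but has a 32-bit-only `$CC` would therefore be configured as `solaris64-x86_64-$CC` and presumably fail later in the build. A comment above the probe would record that assumption, for example `# isalist describes the host; it does not prove $CC can target amd64`. The surrounding `case` statement starts and ends outside the hunk.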
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
index 8035513f04..d18e772320 100644
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -60,7 +60,7 @@
#include "cryptlib.h"
#include <openssl/asn1.h>
-int ASN1_PRINTABLE_type(unsigned char *s, int len)
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
{
int c;
int ia5=0;
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 6fc430da7d..ceaeb4cbe3 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -829,7 +829,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
/* General */
/* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(unsigned char *s, int max);
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile
index a5ab12deb0..f693d35d87 100644
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -118,6 +118,7 @@ asm/ia64-cpp.o: asm/ia64.S
rm -f /tmp/ia64.$$$$.s
asm/x86_64-gcc.o: asm/x86_64-gcc.c
+ $(CC) $(ASFLAGS) -c -o $@ $<
asm/pa-risc2W.o: asm/pa-risc2W.s
/usr/ccs/bin/as -o asm/pa-risc2W.o asm/pa-risc2W.s
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index 450e8e4322..7378344251 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -13,20 +13,42 @@
* A. Well, that's because this code is basically a quick-n-dirty
* proof-of-concept hack. As you can see it's implemented with
* inline assembler, which means that you're bound to GCC and that
- * there must be a room for fine-tuning.
+ * there might be enough room for further improvement.
*
* Q. Why inline assembler?
- * A. x86_64 features own ABI I'm not familiar with. Which is why
- * I decided to let the compiler take care of subroutine
- * prologue/epilogue as well as register allocation.
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ * why I decided to let the compiler take care of subroutine
+ * prologue/epilogue as well as register allocation. For reference.
+ * Win64 implements different ABI for AMD64, different from Linux.
*
* Q. How much faster does it get?
- * A. Unfortunately people sitting on x86_64 hardware are prohibited
- * to disclose the performance numbers, so they (SuSE labs to be
- * specific) wouldn't tell me. However! Very similar coding technique
- * (reaching out for 128-bit result from 64x64-bit multiplication)
- * results in >3 times performance improvement on MIPS and I see no
- * reason why gain on x86_64 would be so much different:-)
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ * sign verify sign/s verify/s
+ * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2
+ * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0
+ * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8
+ * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6
+ * sign verify sign/s verify/s
+ * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3
+ * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2
+ * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0
+ *
+ * 'apps/openssl speed rsa dsa' output with this module:
+ *
+ * sign verify sign/s verify/s
+ * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9
+ * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7
+ * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0
+ * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8
+ * sign verify sign/s verify/s
+ * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3
+ * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4
+ * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6
+ *
+ * For the reference. IA-32 assembler implementation performs
+ * very much like 64-bit code compiled with no-asm on the same
+ * machine.
*/
#define BN_ULONG unsigned long
@@ -151,7 +173,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
}
BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
+{ BN_ULONG ret=0,i=0;
if (n <= 0) return 0;
@@ -164,7 +186,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
" leaq 1(%2),%2 \n"
" loop 1b \n"
" sbbq %0,%0 \n"
- : "+a"(ret),"+c"(n),"+r"(i)
+ : "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
: "cc"
);
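Review bot: The asm in bn_add_words stores through `rp` and loads through `ap` and `bp`, but the clobber list on the new side is still only `"cc"`, so the compiler is not told that memory changes; it should read `: "cc", "memory"`. Because `ret` and `i` are now output-only (`"=&a"`, `"=&r"`), the `ret=0,i=0` initializers added in the previous hunk are not passed into the asm. The template must therefore zero `%2` and clear the carry flag itself before the loop, and that part lies above the hunk and should be confirmed. `n` is an `int` bound to `"+c"` while `loop` may count on the full-width register, so a comment saying why the upper half is known to be clear would help. The same points apply to the bn_sub_words hunks that follow.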
@@ -174,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
#ifndef SIMICS
BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
+{ BN_ULONG ret=0,i=0;
if (n <= 0) return 0;
@@ -187,7 +209,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
" leaq 1(%2),%2 \n"
" loop 1b \n"
" sbbq %0,%0 \n"
- : "+a"(ret),"+c"(n),"+r"(i)
+ : "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
: "cc"
);
@@ -318,7 +340,6 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
{
- BN_ULONG bl,bh;
BN_ULONG t1,t2;
BN_ULONG c1,c2,c3;
@@ -423,7 +444,6 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
{
- BN_ULONG bl,bh;
BN_ULONG t1,t2;
BN_ULONG c1,c2,c3;
@@ -464,7 +484,6 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
{
- BN_ULONG bl,bh;
BN_ULONG t1,t2;
BN_ULONG c1,c2,c3;
@@ -541,7 +560,6 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
{
- BN_ULONG bl,bh;
BN_ULONG t1,t2;
BN_ULONG c1,c2,c3;
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index 416cffdcfb..5027a3855a 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -448,7 +448,7 @@ e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c evp_locl.h
e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
index 2420d7e5af..a84b0f14b1 100644
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
{
NID_undef,
1,0,0,
- 0,
+ EVP_CIPH_FLAG_FIPS,
null_init_key,
null_cipher,
NULL,
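Review bot: Setting `EVP_CIPH_FLAG_FIPS` in the flags slot of `n_cipher` marks what is, by its name, a pass-through cipher as permitted in FIPS mode, and the initializer has no comment saying why. Anyone auditing which algorithms a FIPS build accepts would want the reason recorded next to the flag, for example `/* allowed in FIPS mode: <reason>; provides no confidentiality */`. The initializer begins and ends outside the hunk, so the meaning of the neighbouring fields is taken from their position only.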
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index e8ff5eae55..85aa9755aa 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x00907060L
+#define OPENSSL_VERSION_NUMBER 0x00907070L
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7f-fips-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g-fips-dev XX xxx XXXX"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7f-dev [rfc3820] XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g-dev [rfc3820] XX xxx XXXX"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl
index 502f155dd1..5009acb4b3 100644
--- a/crypto/perlasm/x86nasm.pl
+++ b/crypto/perlasm/x86nasm.pl
@@ -86,7 +86,7 @@ sub get_mem
{
my($size,$addr,$reg1,$reg2,$idx)=@_;
my($t,$post);
- my($ret)="[";
+ my($ret)="$size [";
$addr =~ s/^\s+//;
if ($addr =~ /^(.+)\+(.+)$/)
{
@@ -177,6 +177,11 @@ sub out2
my($l,$t);
push(@out,"\t$name\t");
+ if ($name eq "lea")
+ {
+ $p1 =~ s/^[^\[]*\[/\[/;
+ $p2 =~ s/^[^\[]*\[/\[/;
+ }
$t=&conv($p1).",";
$l=length($t);
push(@out,$t);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 6cf7cad17c..ee1817c7af 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -183,7 +183,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
goto err;
- break;
p7->d.signed_and_enveloped->enc_data->content_type
= OBJ_nid2obj(NID_pkcs7_data);
break;
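Review bot: `ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)` is now called twice in a row in this case, first with the result discarded and then inside the `if` that checks it. The unchecked call is redundant and should be dropped, leaving only `if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) goto err;`. In the lines that now execute after it, the pointer returned by `OBJ_nid2obj(NID_pkcs7_data)` is stored into `content_type` without a NULL check. The switch and the rest of PKCS7_set_type lie outside the hunk.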
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index a7c2c9df74..30c69161ef 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -113,7 +113,7 @@
#include <openssl/rand.h>
#include "rand_lcl.h"
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
#include <windows.h>
#ifndef _WIN32_WINNT
# define _WIN32_WINNT 0x0400
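Review bot: With `OPENSSL_SYS_WIN32_CYGWIN` dropped from this guard, Cygwin builds no longer compile the code under it, and the hunk does not say where those builds get their seed material instead. Judging by the file name, this is the random-number seeding path for Windows targets, so a comment above the `#if` should name the replacement, e.g. `/* Cygwin is excluded on purpose: it is seeded by <file providing RAND_poll for Cygwin> */`. The guarded block extends beyond the hunk, so whether an `#else` branch covers Cygwin cannot be seen here.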
diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile
index b30498d925..64e06924f4 100644
--- a/crypto/rc4/Makefile
+++ b/crypto/rc4/Makefile
@@ -66,7 +66,7 @@ asm/rx86bsdi.o: asm/rx86unix.cpp
asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
-asm/rc4-amd64.s: asm/rc4-amd64.pl; $(PERL) $< $@
+asm/rc4-amd64.s: asm/rc4-amd64.pl; $(PERL) asm/rc4-amd64.pl $@
asm/rc4-ia64.s: asm/rc4-ia64.S
$(CC) $(CFLAGS) -E asm/rc4-ia64.S > $@
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index e4d5434cb1..e8c1a59cf2 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1038,18 +1038,18 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
- char *field, int type, unsigned char *bytes, int len);
+ const char *field, int type, const unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
int type,unsigned char *bytes, int len);
-int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
- unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ const unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
- ASN1_OBJECT *obj, int type,unsigned char *bytes,
+ ASN1_OBJECT *obj, int type,const unsigned char *bytes,
int len);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
- unsigned char *bytes, int len);
+ const unsigned char *bytes, int len);
ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
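Review bot: The `const` qualification reaches only some of the sibling prototypes: `X509_NAME_add_entry_by_NID` and `X509_NAME_ENTRY_create_by_NID` in this hunk still take `unsigned char *bytes`, while the `_by_txt`, `_create_by_OBJ` and `_set_data` forms now take `const unsigned char *bytes`. Callers holding a read-only buffer still need a cast for the NID forms. If those functions do not write through `bytes`, their declarations should change the same way, e.g. `int type, const unsigned char *bytes, int len);`. The matching definitions in crypto/x509/x509name.c show the same split.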
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 4c20e03ece..068abfe5f0 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -195,8 +195,8 @@ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
return ret;
}
-int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
- unsigned char *bytes, int len, int loc, int set)
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ const unsigned char *bytes, int len, int loc, int set)
{
X509_NAME_ENTRY *ne;
int ret;
@@ -273,7 +273,7 @@ err:
}
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
- char *field, int type, unsigned char *bytes, int len)
+ const char *field, int type, const unsigned char *bytes, int len)
{
ASN1_OBJECT *obj;
X509_NAME_ENTRY *nentry;
@@ -309,7 +309,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
}
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
- ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
+ ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
{
X509_NAME_ENTRY *ret;
@@ -347,7 +347,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
}
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
- unsigned char *bytes, int len)
+ const unsigned char *bytes, int len)
{
int i;
diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod
index b5e477e294..48a0e29954 100644
--- a/doc/crypto/EVP_SealInit.pod
+++ b/doc/crypto/EVP_SealInit.pod
@@ -8,8 +8,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
#include <openssl/evp.h>
- int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
- int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index b203c3a1c5..b6e62ce7f6 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -29,11 +29,10 @@ EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
signature context B<ctx>. This function can be called several times on the
same B<ctx> to include additional data.
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
-and places the signature in B<sig>. If the B<s> parameter is not NULL
-then the number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
-will be written.
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
+places the signature in B<sig>. The number of bytes of data written (i.e. the
+length of the signature) will be written to the integer at B<s>, at most
+EVP_PKEY_size(pkey) bytes will be written.
EVP_SignInit() initializes a signing context B<ctx> to use the default
implementation of digest B<type>.
diff --git a/doc/crypto/X509_NAME_ENTRY_get_object.pod b/doc/crypto/X509_NAME_ENTRY_get_object.pod
index d287c18564..11b35f6fd3 100644
--- a/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -13,11 +13,11 @@ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
=head1 DESCRIPTION
diff --git a/doc/crypto/X509_NAME_add_entry_by_txt.pod b/doc/crypto/X509_NAME_add_entry_by_txt.pod
index 4472a1c5cf..e2ab4b0d2b 100644
--- a/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -7,10 +7,14 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
=head1 SYNOPSIS
-int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+
int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod
index 4b91c63ba0..f81f692df5 100644
--- a/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/doc/ssl/SSL_CIPHER_get_name.pod
@@ -8,9 +8,9 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_des
#include <openssl/ssl.h>
- const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
- int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
- char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
+ const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
+ char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_CTX_get_ex_new_index.pod b/doc/ssl/SSL_CTX_get_ex_new_index.pod
index 5686faf299..0c40a91f2f 100644
--- a/doc/ssl/SSL_CTX_get_ex_new_index.pod
+++ b/doc/ssl/SSL_CTX_get_ex_new_index.pod
@@ -15,7 +15,7 @@ SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal ap
int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
- void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx);
+ void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx);
typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
diff --git a/doc/ssl/SSL_CTX_get_verify_mode.pod b/doc/ssl/SSL_CTX_get_verify_mode.pod
index 7f10c6e945..2a3747e75c 100644
--- a/doc/ssl/SSL_CTX_get_verify_mode.pod
+++ b/doc/ssl/SSL_CTX_get_verify_mode.pod
@@ -8,12 +8,12 @@ SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_
#include <openssl/ssl.h>
- int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
- int SSL_get_verify_mode(SSL *ssl);
- int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
- int SSL_get_verify_depth(SSL *ssl);
- int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *);
- int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *);
+ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+ int SSL_get_verify_mode(const SSL *ssl);
+ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+ int SSL_get_verify_depth(const SSL *ssl);
+ int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
+ int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_CTX_set_cert_store.pod b/doc/ssl/SSL_CTX_set_cert_store.pod
index 3a240c4d37..6acf0d9f9b 100644
--- a/doc/ssl/SSL_CTX_set_cert_store.pod
+++ b/doc/ssl/SSL_CTX_set_cert_store.pod
@@ -9,7 +9,7 @@ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate ver
#include <openssl/ssl.h>
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
- X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
+ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_CTX_set_info_callback.pod b/doc/ssl/SSL_CTX_set_info_callback.pod
index 63d0b8d33f..0b4affd5eb 100644
--- a/doc/ssl/SSL_CTX_set_info_callback.pod
+++ b/doc/ssl/SSL_CTX_set_info_callback.pod
@@ -9,10 +9,10 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL
#include <openssl/ssl.h>
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
- void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))();
+ void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
void SSL_set_info_callback(SSL *ssl, void (*callback)());
- void (*SSL_get_info_callback(SSL *ssl))();
+ void (*SSL_get_info_callback(const SSL *ssl))();
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 766f0c9200..5ab1b32f93 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -163,7 +163,7 @@ When choosing a cipher, use the server's preferences instead of the client
preferences. When not set, the SSL server will always follow the clients
preferences. When set, the SSLv3/TLSv1 server will choose following its
own preferences. Because of the different protocol, for SSLv2 the server
-will send his list of preferences to the client and the client chooses.
+will send its list of preferences to the client and the client chooses.
=item SSL_OP_PKCS1_CHECK_1
diff --git a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
index 1d0526d59a..393f8ff0b4 100644
--- a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+++ b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
@@ -9,10 +9,10 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown,
#include <openssl/ssl.h>
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
- int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+ int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
- int SSL_get_quiet_shutdown(SSL *ssl);
+ int SSL_get_quiet_shutdown(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
index ea2faba3ec..48c888c337 100644
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -31,8 +31,8 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
- int SSL_CTX_check_private_key(SSL_CTX *ctx);
- int SSL_check_private_key(SSL *ssl);
+ int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+ int SSL_check_private_key(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/doc/ssl/SSL_SESSION_get_ex_new_index.pod
index da0bcf1590..657cda931f 100644
--- a/doc/ssl/SSL_SESSION_get_ex_new_index.pod
+++ b/doc/ssl/SSL_SESSION_get_ex_new_index.pod
@@ -15,7 +15,7 @@ SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data -
int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
- void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx);
+ void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx);
typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
diff --git a/doc/ssl/SSL_SESSION_get_time.pod b/doc/ssl/SSL_SESSION_get_time.pod
index ea3c2bcfe6..00883ed2a0 100644
--- a/doc/ssl/SSL_SESSION_get_time.pod
+++ b/doc/ssl/SSL_SESSION_get_time.pod
@@ -8,14 +8,14 @@ SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION
#include <openssl/ssl.h>
- long SSL_SESSION_get_time(SSL_SESSION *s);
+ long SSL_SESSION_get_time(const SSL_SESSION *s);
long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
- long SSL_SESSION_get_timeout(SSL_SESSION *s);
+ long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
- long SSL_get_time(SSL_SESSION *s);
+ long SSL_get_time(const SSL_SESSION *s);
long SSL_set_time(SSL_SESSION *s, long tm);
- long SSL_get_timeout(SSL_SESSION *s);
+ long SSL_get_timeout(const SSL_SESSION *s);
long SSL_set_timeout(SSL_SESSION *s, long tm);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_SSL_CTX.pod b/doc/ssl/SSL_get_SSL_CTX.pod
index 52d0227b19..659c482c79 100644
--- a/doc/ssl/SSL_get_SSL_CTX.pod
+++ b/doc/ssl/SSL_get_SSL_CTX.pod
@@ -8,7 +8,7 @@ SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
#include <openssl/ssl.h>
- SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
index 2a57455c23..aecadd9138 100644
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -8,8 +8,8 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
#include <openssl/ssl.h>
- STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl);
- const char *SSL_get_cipher_list(SSL *ssl, int priority);
+ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+ const char *SSL_get_cipher_list(const SSL *ssl, int priority);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod
index 5693fdebb2..68181b2407 100644
--- a/doc/ssl/SSL_get_client_CA_list.pod
+++ b/doc/ssl/SSL_get_client_CA_list.pod
@@ -8,8 +8,8 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
#include <openssl/ssl.h>
- STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
- STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);
+ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_current_cipher.pod b/doc/ssl/SSL_get_current_cipher.pod
index 2dd7261d89..e5ab12491e 100644
--- a/doc/ssl/SSL_get_current_cipher.pod
+++ b/doc/ssl/SSL_get_current_cipher.pod
@@ -9,7 +9,7 @@ SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
#include <openssl/ssl.h>
- SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
+ SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
#define SSL_get_cipher(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_cipher_name(s) \
diff --git a/doc/ssl/SSL_get_default_timeout.pod b/doc/ssl/SSL_get_default_timeout.pod
index 8d43b31345..a648a9b82d 100644
--- a/doc/ssl/SSL_get_default_timeout.pod
+++ b/doc/ssl/SSL_get_default_timeout.pod
@@ -8,7 +8,7 @@ SSL_get_default_timeout - get default session timeout value
#include <openssl/ssl.h>
- long SSL_get_default_timeout(SSL *ssl);
+ long SSL_get_default_timeout(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod
index fe28dd942a..48c6b15db7 100644
--- a/doc/ssl/SSL_get_error.pod
+++ b/doc/ssl/SSL_get_error.pod
@@ -8,7 +8,7 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation
#include <openssl/ssl.h>
- int SSL_get_error(SSL *ssl, int ret);
+ int SSL_get_error(const SSL *ssl, int ret);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_ex_new_index.pod b/doc/ssl/SSL_get_ex_new_index.pod
index 6644ef8fbc..228d23d8c0 100644
--- a/doc/ssl/SSL_get_ex_new_index.pod
+++ b/doc/ssl/SSL_get_ex_new_index.pod
@@ -15,7 +15,7 @@ SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application sp
int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
- void *SSL_get_ex_data(SSL *ssl, int idx);
+ void *SSL_get_ex_data(const SSL *ssl, int idx);
typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod
index a3f7625931..89260b522c 100644
--- a/doc/ssl/SSL_get_fd.pod
+++ b/doc/ssl/SSL_get_fd.pod
@@ -8,9 +8,9 @@ SSL_get_fd - get file descriptor linked to an SSL object
#include <openssl/ssl.h>
- int SSL_get_fd(SSL *ssl);
- int SSL_get_rfd(SSL *ssl);
- int SSL_get_wfd(SSL *ssl);
+ int SSL_get_fd(const SSL *ssl);
+ int SSL_get_rfd(const SSL *ssl);
+ int SSL_get_wfd(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_peer_cert_chain.pod b/doc/ssl/SSL_get_peer_cert_chain.pod
index 390ce0b41b..49fb88f86f 100644
--- a/doc/ssl/SSL_get_peer_cert_chain.pod
+++ b/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -8,7 +8,7 @@ SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
#include <openssl/ssl.h>
- STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl);
+ STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod
index 60635a9660..ef7c8be180 100644
--- a/doc/ssl/SSL_get_peer_certificate.pod
+++ b/doc/ssl/SSL_get_peer_certificate.pod
@@ -8,7 +8,7 @@ SSL_get_peer_certificate - get the X509 certificate of the peer
#include <openssl/ssl.h>
- X509 *SSL_get_peer_certificate(SSL *ssl);
+ X509 *SSL_get_peer_certificate(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod
index dd9aba40b6..0c41caa922 100644
--- a/doc/ssl/SSL_get_session.pod
+++ b/doc/ssl/SSL_get_session.pod
@@ -8,8 +8,8 @@ SSL_get_session - retrieve TLS/SSL session data
#include <openssl/ssl.h>
- SSL_SESSION *SSL_get_session(SSL *ssl);
- SSL_SESSION *SSL_get0_session(SSL *ssl);
+ SSL_SESSION *SSL_get_session(const SSL *ssl);
+ SSL_SESSION *SSL_get0_session(const SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_verify_result.pod b/doc/ssl/SSL_get_verify_result.pod
index e6bac9c35a..55b56a53f9 100644
--- a/doc/ssl/SSL_get_verify_result.pod
+++ b/doc/ssl/SSL_get_verify_result.pod
@@ -8,7 +8,7 @@ SSL_get_verify_result - get result of peer certificate verification
#include <openssl/ssl.h>
- long SSL_get_verify_result(SSL *ssl);
+ long SSL_get_verify_result(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod
index 24d5291256..cc271db2c5 100644
--- a/doc/ssl/SSL_get_version.pod
+++ b/doc/ssl/SSL_get_version.pod
@@ -8,7 +8,7 @@ SSL_get_version - get the protocol version of a connection.
#include <openssl/ssl.h>
- const char *SSL_get_version(SSL *ssl);
+ const char *SSL_get_version(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
index b4c48598b2..43f2874e8b 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
@@ -8,7 +8,7 @@ SSL_pending - obtain number of readable bytes buffered in an SSL object
#include <openssl/ssl.h>
- int SSL_pending(SSL *ssl);
+ int SSL_pending(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
index 6289e635d9..011a022a12 100644
--- a/doc/ssl/SSL_set_shutdown.pod
+++ b/doc/ssl/SSL_set_shutdown.pod
@@ -10,7 +10,7 @@ SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connect
void SSL_set_shutdown(SSL *ssl, int mode);
- int SSL_get_shutdown(SSL *ssl);
+ int SSL_get_shutdown(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_state_string.pod b/doc/ssl/SSL_state_string.pod
index b4be1aaa48..fe25d47c71 100644
--- a/doc/ssl/SSL_state_string.pod
+++ b/doc/ssl/SSL_state_string.pod
@@ -8,8 +8,8 @@ SSL_state_string, SSL_state_string_long - get textual description of state of an
#include <openssl/ssl.h>
- const char *SSL_state_string(SSL *ssl);
- const char *SSL_state_string_long(SSL *ssl);
+ const char *SSL_state_string(const SSL *ssl);
+ const char *SSL_state_string_long(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod
index 50cc89db80..c0059c0d4a 100644
--- a/doc/ssl/SSL_want.pod
+++ b/doc/ssl/SSL_want.pod
@@ -8,11 +8,11 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup
#include <openssl/ssl.h>
- int SSL_want(SSL *ssl);
- int SSL_want_nothing(SSL *ssl);
- int SSL_want_read(SSL *ssl);
- int SSL_want_write(SSL *ssl);
- int SSL_want_x509_lookup(SSL *ssl);
+ int SSL_want(const SSL *ssl);
+ int SSL_want_nothing(const SSL *ssl);
+ int SSL_want_read(const SSL *ssl);
+ int SSL_want_write(const SSL *ssl);
+ int SSL_want_x509_lookup(const SSL *ssl);
=head1 DESCRIPTION
diff --git a/doc/ssl/d2i_SSL_SESSION.pod b/doc/ssl/d2i_SSL_SESSION.pod
index 0321a5a36f..81d276477f 100644
--- a/doc/ssl/d2i_SSL_SESSION.pod
+++ b/doc/ssl/d2i_SSL_SESSION.pod
@@ -8,7 +8,7 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 repre
#include <openssl/ssl.h>
- SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
+ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
=head1 DESCRIPTION
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 3dc5358ef6..266697d221 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -213,7 +213,7 @@ protocol context defined in the B<SSL_CTX> structure.
=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
-=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx);
=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
@@ -225,23 +225,23 @@ protocol context defined in the B<SSL_CTX> structure.
=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
-=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx);
=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
-=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
-=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
-=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
@@ -383,27 +383,27 @@ sessions defined in the B<SSL_SESSION> structures.
=over 4
-=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b);
=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
-=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx);
=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-=item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s);
-=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s);
-=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a);
=item SSL_SESSION *B<SSL_SESSION_new>(void);
-=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x);
-=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
@@ -438,7 +438,7 @@ connection defined in the B<SSL> structure.
=item char *B<SSL_alert_type_string_long>(int value);
-=item int B<SSL_check_private_key>(SSL *ssl);
+=item int B<SSL_check_private_key>(const SSL *ssl);
=item void B<SSL_clear>(SSL *ssl);
@@ -446,7 +446,7 @@ connection defined in the B<SSL> structure.
=item int B<SSL_connect>(SSL *ssl);
-=item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+=item void B<SSL_copy_session_id>(SSL *t, const SSL *f);
=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
@@ -458,77 +458,77 @@ connection defined in the B<SSL> structure.
=item void B<SSL_free>(SSL *ssl);
-=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl);
=item char *B<SSL_get_app_data>(SSL *ssl);
-=item X509 *B<SSL_get_certificate>(SSL *ssl);
+=item X509 *B<SSL_get_certificate>(const SSL *ssl);
-=item const char *B<SSL_get_cipher>(SSL *ssl);
+=item const char *B<SSL_get_cipher>(const SSL *ssl);
-=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
-=item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
-=item char *B<SSL_get_cipher_name>(SSL *ssl);
+=item char *B<SSL_get_cipher_name>(const SSL *ssl);
-=item char *B<SSL_get_cipher_version>(SSL *ssl);
+=item char *B<SSL_get_cipher_version>(const SSL *ssl);
-=item STACK *B<SSL_get_ciphers>(SSL *ssl);
+=item STACK *B<SSL_get_ciphers>(const SSL *ssl);
-=item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl);
=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
-=item long B<SSL_get_default_timeout>(SSL *ssl);
+=item long B<SSL_get_default_timeout>(const SSL *ssl);
-=item int B<SSL_get_error>(SSL *ssl, int i);
+=item int B<SSL_get_error>(const SSL *ssl, int i);
-=item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx);
=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-=item int B<SSL_get_fd>(SSL *ssl);
+=item int B<SSL_get_fd>(const SSL *ssl);
-=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+=item void (*B<SSL_get_info_callback>(const SSL *ssl);)()
-=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl);
-=item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
-=item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+=item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
-=item BIO *B<SSL_get_rbio>(SSL *ssl);
+=item BIO *B<SSL_get_rbio>(const SSL *ssl);
-=item int B<SSL_get_read_ahead>(SSL *ssl);
+=item int B<SSL_get_read_ahead>(const SSL *ssl);
-=item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
-=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
-=item int B<SSL_get_shutdown>(SSL *ssl);
+=item int B<SSL_get_shutdown>(const SSL *ssl);
=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
-=item int B<SSL_get_state>(SSL *ssl);
+=item int B<SSL_get_state>(const SSL *ssl);
-=item long B<SSL_get_time>(SSL *ssl);
+=item long B<SSL_get_time>(const SSL *ssl);
-=item long B<SSL_get_timeout>(SSL *ssl);
+=item long B<SSL_get_timeout>(const SSL *ssl);
-=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *)
-=item int B<SSL_get_verify_mode>(SSL *ssl);
+=item int B<SSL_get_verify_mode>(const SSL *ssl);
-=item long B<SSL_get_verify_result>(SSL *ssl);
+=item long B<SSL_get_verify_result>(const SSL *ssl);
-=item char *B<SSL_get_version>(SSL *ssl);
+=item char *B<SSL_get_version>(const SSL *ssl);
-=item BIO *B<SSL_get_wbio>(SSL *ssl);
+=item BIO *B<SSL_get_wbio>(const SSL *ssl);
=item int B<SSL_in_accept_init>(SSL *ssl);
@@ -550,7 +550,7 @@ connection defined in the B<SSL> structure.
=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
-=item int B<SSL_pending>(SSL *ssl);
+=item int B<SSL_pending>(const SSL *ssl);
=item int B<SSL_read>(SSL *ssl, void *buf, int num);
@@ -610,11 +610,11 @@ connection defined in the B<SSL> structure.
=item int B<SSL_shutdown>(SSL *ssl);
-=item int B<SSL_state>(SSL *ssl);
+=item int B<SSL_state>(const SSL *ssl);
-=item char *B<SSL_state_string>(SSL *ssl);
+=item char *B<SSL_state_string>(const SSL *ssl);
-=item char *B<SSL_state_string_long>(SSL *ssl);
+=item char *B<SSL_state_string_long>(const SSL *ssl);
=item long B<SSL_total_renegotiations>(SSL *ssl);
@@ -636,17 +636,17 @@ connection defined in the B<SSL> structure.
=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
-=item int B<SSL_version>(SSL *ssl);
+=item int B<SSL_version>(const SSL *ssl);
-=item int B<SSL_want>(SSL *ssl);
+=item int B<SSL_want>(const SSL *ssl);
-=item int B<SSL_want_nothing>(SSL *ssl);
+=item int B<SSL_want_nothing>(const SSL *ssl);
-=item int B<SSL_want_read>(SSL *ssl);
+=item int B<SSL_want_read>(const SSL *ssl);
-=item int B<SSL_want_write>(SSL *ssl);
+=item int B<SSL_want_write>(const SSL *ssl);
-=item int B<SSL_want_x509_lookup>(s);
+=item int B<SSL_want_x509_lookup>(const SSL *ssl);
=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
diff --git a/fips/fingerprint.sha1 b/fips/fingerprint.sha1
index 8c5b070d2e..1af4792eb1 100644
--- a/fips/fingerprint.sha1
+++ b/fips/fingerprint.sha1
@@ -1,4 +1,4 @@
-HMAC-SHA1(fips.c)= f764539b7d09141738d86c9e0442de990ab8ae3f
+HMAC-SHA1(fips.c)= 4eef19c535c1f3deacdf93eb806479ea3b374115
HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898
HMAC-SHA1(fips.h)= fbedad5dbd8986ddd521ea576bf2a20e6881540a
HMAC-SHA1(fips_err.h)= 4a73f2a88e206f1f88edfd9b26609a0eed818491
diff --git a/fips/fips.c b/fips/fips.c
index 816277e49f..7ecba57f70 100644
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -160,6 +160,7 @@ static int FIPS_check_exe(const char *path)
}
fclose(f);
HMAC_Final(&hmac,mdbuf,&n);
+ HMAC_CTX_cleanup(&hmac);
BIO_snprintf(p2,sizeof p2,sha1_fmt,path);
f=fopen(p2,"rb");
if(!f || fread(buf,1,20,f) != 20)
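Review bot: The added `HMAC_CTX_cleanup(&hmac);` is reached only on the straight-line path after `HMAC_Final`. The `}` above it closes a block that starts outside the hunk, so an error return inside that block, if one exists, would still leave the keyed context uncleaned. I would check every exit of FIPS_check_exe between the HMAC initialisation and this line, and either repeat `HMAC_CTX_cleanup(&hmac);` before each early `return` or route them through one cleanup label. The function starts and ends outside the hunk.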
diff --git a/openssl.spec b/openssl.spec
index 9be18eb18a..bac32164ef 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 7
-%define librev e
+%define librev f
Release: 1
%define openssldir /var/ssl
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
index b70002a647..8d7dbcf569 100644
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -87,7 +87,7 @@ static SSL_METHOD SSLv23_data= {
ssl3_ctx_ctrl,
ssl23_get_cipher_by_char,
ssl23_put_cipher_by_char,
- ssl_undefined_function,
+ ssl_undefined_const_function,
ssl23_num_ciphers,
ssl23_get_cipher,
ssl_bad_method,
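Review bot: The `SSLv23_data` initializer is positional, so nothing on the changed line says which member it fills or why the const variant is needed. Judging by its neighbours and the member order shown in the ssl/ssl.h hunk, it is the `ssl_pending` slot, whose type this commit changes to `int (*)(const SSL *)`. A trailing comment would make that visible and guard against a later reordering: `ssl_undefined_const_function, /* ssl_pending: takes const SSL * */`. The initializer starts and ends outside the hunk.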
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index edcef4dda2..26ce8c8d98 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -263,7 +263,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
return(NULL);
}
-int ssl2_pending(SSL *s)
+int ssl2_pending(const SSL *s)
{
return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
}
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e7b15431b1..9bf1dbec06 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -541,7 +541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_KRB5_DES_64_CBC_SHA,
SSL3_CK_KRB5_DES_64_CBC_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
0,
56,
56,
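Review bot: The added `SSL_FIPS` bit lands on an entry that is also `SSL_LOW` with 56-bit single DES, and in the third hunk of this file on an `SSL_EXPORT|SSL_EXP40` entry. If `SSL_FIPS` is what cipher selection filters on in FIPS mode, low-strength and export-grade Kerberos suites become eligible there. Nothing in the hunks states the basis for flagging these three entries; presumably it mirrors the non-Kerberos DES entries elsewhere in `ssl3_ciphers[]`, which are outside the hunks and should be checked. I would add a comment on each changed line that keeps the flag from reading as a strength statement, e.g. `/* SSL_FIPS: allowed in FIPS mode; strength is still SSL_LOW */`, and confirm separately that the 40-bit export entry is meant to be enabled.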
@@ -555,7 +555,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_KRB5_DES_192_CBC3_SHA,
SSL3_CK_KRB5_DES_192_CBC3_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
112,
168,
@@ -653,7 +653,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_KRB5_DES_40_CBC_SHA,
SSL3_CK_KRB5_DES_40_CBC_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_FIPS,
0,
40,
56,
@@ -1057,7 +1057,7 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
return(NULL);
}
-int ssl3_pending(SSL *s)
+int ssl3_pending(const SSL *s)
{
if (s->rstate == SSL_ST_READ_BODY)
return 0;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3ed6b9f6ee..3161f532cf 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -373,7 +373,7 @@ typedef struct ssl_method_st
long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
- int (*ssl_pending)(SSL *s);
+ int (*ssl_pending)(const SSL *s);
int (*num_ciphers)(void);
SSL_CIPHER *(*get_cipher)(unsigned ncipher);
struct ssl_method_st *(*get_ssl_method)(int version);
@@ -999,8 +999,8 @@ extern "C" {
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
* Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
* are 'ored' with SSL_VERIFY_PEER if they are desired */
@@ -1172,26 +1172,26 @@ int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
-long SSL_CTX_get_timeout(SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
+long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
-int SSL_want(SSL *s);
+int SSL_want(const SSL *s);
int SSL_clear(SSL *s);
void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-SSL_CIPHER *SSL_get_current_cipher(SSL *s);
-int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
-char * SSL_CIPHER_get_version(SSL_CIPHER *c);
-const char * SSL_CIPHER_get_name(SSL_CIPHER *c);
-
-int SSL_get_fd(SSL *s);
-int SSL_get_rfd(SSL *s);
-int SSL_get_wfd(SSL *s);
-const char * SSL_get_cipher_list(SSL *s,int n);
-char * SSL_get_shared_ciphers(SSL *s, char *buf, int len);
-int SSL_get_read_ahead(SSL * s);
-int SSL_pending(SSL *s);
+SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
+char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
+const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
+
+int SSL_get_fd(const SSL *s);
+int SSL_get_rfd(const SSL *s);
+int SSL_get_wfd(const SSL *s);
+const char * SSL_get_cipher_list(const SSL *s,int n);
+char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+int SSL_get_read_ahead(const SSL * s);
+int SSL_pending(const SSL *s);
#ifndef OPENSSL_NO_SOCK
int SSL_set_fd(SSL *s, int fd);
int SSL_set_rfd(SSL *s, int fd);
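Review bot: Two prototypes made const in this hunk, `SSL_CTX_get_cert_store` and `SSL_get_current_cipher`, are still listed with non-const arguments in doc/ssl/ssl.pod after this commit. The same is true of `SSL_CTX_get_verify_mode` from the `@@ -1268` hunk. The pod hunks show those three `=item` lines as unchanged context. They should be updated alongside the header, e.g. `=item X509_STORE *B<SSL_CTX_get_cert_store>(const SSL_CTX *ctx);`, so the summary page does not contradict ssl.h.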
@@ -1199,14 +1199,14 @@ int SSL_set_wfd(SSL *s, int fd);
#endif
#ifndef OPENSSL_NO_BIO
void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
-BIO * SSL_get_rbio(SSL *s);
-BIO * SSL_get_wbio(SSL *s);
+BIO * SSL_get_rbio(const SSL *s);
+BIO * SSL_get_wbio(const SSL *s);
#endif
int SSL_set_cipher_list(SSL *s, const char *str);
void SSL_set_read_ahead(SSL *s, int yes);
-int SSL_get_verify_mode(SSL *s);
-int SSL_get_verify_depth(SSL *s);
-int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
+int SSL_get_verify_mode(const SSL *s);
+int SSL_get_verify_depth(const SSL *s);
+int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok,X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
@@ -1244,20 +1244,20 @@ const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
-long SSL_SESSION_get_time(SSL_SESSION *s);
+long SSL_SESSION_get_time(const SSL_SESSION *s);
long SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long SSL_SESSION_get_timeout(SSL_SESSION *s);
+long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to,SSL *from);
+void SSL_copy_session_id(SSL *to,const SSL *from);
SSL_SESSION *SSL_SESSION_new(void);
-unsigned long SSL_SESSION_hash(SSL_SESSION *a);
-int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
+unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
+int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
+int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
#endif
#ifndef OPENSSL_NO_BIO
-int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
+int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
#endif
void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
@@ -1268,17 +1268,18 @@ int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char * const *pp,
+ long length);
#ifdef HEADER_X509_H
-X509 * SSL_get_peer_certificate(SSL *s);
+X509 * SSL_get_peer_certificate(const SSL *s);
#endif
-STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
int (*callback)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
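Review bot: The new `d2i_SSL_SESSION` prototype takes `const unsigned char * const *pp`, but doc/ssl/d2i_SSL_SESSION.pod is changed in this same commit to `const unsigned char **pp`, so header and manual page disagree. The extra inner `const` also tells callers that `*pp` is not advanced past the parsed data. The definition in ssl/ssl_asn1.c carries the same signature, but its body is outside the hunks, so that cannot be confirmed here. Either make both read `const unsigned char **pp`, or keep the header form and add a comment on the prototype such as `/* *pp is not updated on return */` if that is the intended contract. Existing callers that pass `unsigned char **` will need a cast with either form.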
@@ -1296,8 +1297,8 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-int SSL_CTX_check_private_key(SSL_CTX *ctx);
-int SSL_check_private_key(SSL *ctx);
+int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+int SSL_check_private_key(const SSL *ctx);
int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
@@ -1322,8 +1323,8 @@ long SSL_callback_ctrl(SSL *, int, void (*)());
long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
-int SSL_get_error(SSL *s,int ret_code);
-const char *SSL_get_version(SSL *s);
+int SSL_get_error(const SSL *s,int ret_code);
+const char *SSL_get_version(const SSL *s);
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
@@ -1344,7 +1345,7 @@ SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
@@ -1360,15 +1361,15 @@ const char *SSL_alert_desc_string(int value);
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);
-long SSL_get_default_timeout(SSL *s);
+long SSL_get_default_timeout(const SSL *s);
int SSL_library_init(void );
@@ -1377,43 +1378,43 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
SSL *SSL_dup(SSL *ssl);
-X509 *SSL_get_certificate(SSL *ssl);
+X509 *SSL_get_certificate(const SSL *ssl);
/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(SSL *ssl);
+int SSL_get_quiet_shutdown(const SSL *ssl);
void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(SSL *ssl);
-int SSL_version(SSL *ssl);
+int SSL_get_shutdown(const SSL *ssl);
+int SSL_version(const SSL *ssl);
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_SESSION *SSL_get_session(const SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
void SSL_set_info_callback(SSL *ssl,
void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val);
-int SSL_state(SSL *ssl);
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
+int SSL_state(const SSL *ssl);
void SSL_set_verify_result(SSL *ssl,long v);
-long SSL_get_verify_result(SSL *ssl);
+long SSL_get_verify_result(const SSL *ssl);
int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(SSL *ssl,int idx);
+void *SSL_get_ex_data(const SSL *ssl,int idx);
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -1604,6 +1605,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_SET_TRUST 228
#define SSL_F_SSL_SET_WFD 196
#define SSL_F_SSL_SHUTDOWN 224
+#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
#define SSL_F_SSL_UNDEFINED_FUNCTION 197
#define SSL_F_SSL_USE_CERTIFICATE 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index d8ff8fc4a3..4d5900ad2f 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -226,7 +226,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_finish();
}
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
long length)
{
int version,ssl_version=0,i;
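Review bot: The new `const unsigned char * const *pp` parameter of d2i_SSL_SESSION is not assignment-compatible in C with the `unsigned char **` that callers of the old prototype pass, so existing call sites will draw incompatible-pointer diagnostics unless they add a cast. The inner `const` also tells the caller that `*pp` is never written, while d2i-style decoders conventionally advance it; the body runs past this hunk, so whether it casts the qualifier away to do that cannot be seen here. If the cursor is advanced, `const unsigned char **pp` states the contract honestly; if it is not, a comment such as `/* *pp is left unchanged on return */` above the definition would tell callers.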
@@ -266,7 +266,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
((unsigned long)os.data[1]<< 8L)|
(unsigned long)os.data[2];
}
- else if ((ssl_version>>8) == 3)
+ else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
{
if (os.length != 2)
{
@@ -287,9 +287,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
ret->cipher_id=id;
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) == SSL3_VERSION)
+ if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version == SSL2_VERSION) */
+ else /* if (ssl_version == SSL2_VERSION_MAJOR) */
i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
if (os.length > i)
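Review bot: The commented-out condition on the `else` branch does not match the test above it: it compares the unshifted `ssl_version` with a major-version constant, whereas the live test is `(ssl_version>>8) == SSL3_VERSION_MAJOR`. I would write it as `else /* if ((ssl_version>>8) == SSL2_VERSION_MAJOR) */`. Because the branch is a bare `else`, every major version other than SSL3's gets the SSLv2 session-ID limit when a serialized session is decoded. If an earlier check in d2i_SSL_SESSION (outside this hunk) already rejects unknown versions, the comment could say so.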
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 6e98de8903..b8b9bc2390 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -544,12 +544,12 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
set_client_CA_list(&(ctx->client_CA),name_list);
}
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
{
return(ctx->client_CA);
}
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{
if (s->type == SSL_ST_CONNECT)
{ /* we are in the client */
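Review bot: Both getters now take a `const` object but still return the object's own non-const `STACK_OF(X509_NAME) *` (`return(ctx->client_CA);`), so the qualifier does not stop a caller from changing the CA list through the result. A one-line comment above SSL_CTX_get_client_CA_list would make the ownership explicit, for example `/* returns the internal list, not a copy; the caller must not free it */`. The same applies to the other pointer-returning getters const-ified in ssl/ssl_lib.c and ssl/ssl_sess.c (SSL_get_ciphers, SSL_CTX_get_cert_store, SSL_get_session). SSL_get_client_CA_list continues past the end of this hunk.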
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 012d05ecea..b68ed81e52 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -187,7 +187,7 @@ static void load_ciphers(void)
init_ciphers=0;
}
-int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, SSL_COMP **comp)
{
int i;
@@ -1065,7 +1065,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
return(buf);
}
-char *SSL_CIPHER_get_version(SSL_CIPHER *c)
+char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
{
int i;
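Review bot: SSL_CIPHER_get_version keeps a `char *` return type while its neighbour SSL_CIPHER_get_name, const-ified in the same commit, returns `const char *`. If the body (which lies outside this hunk) returns string literals, as the name suggests, a writable return type invites callers to modify static storage. Changing the prototype to `const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)` would be an API change for a stable branch, so at minimum I would add `/* returned string is static; do not modify or free */` above the definition once that is confirmed.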
@@ -1080,7 +1080,7 @@ char *SSL_CIPHER_get_version(SSL_CIPHER *c)
}
/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
{
if (c != NULL)
return(c->name);
@@ -1088,7 +1088,7 @@ const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
}
/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
{
int ret=0;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 65eefee199..29b8ff4788 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -193,6 +193,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"},
{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"},
{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"},
+{ERR_PACK(0,SSL_F_SSL_UNDEFINED_CONST_FUNCTION,0), "SSL_UNDEFINED_CONST_FUNCTION"},
{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"},
{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"},
{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1f625cb074..631229558f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -501,18 +501,18 @@ void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
s->wbio=wbio;
}
-BIO *SSL_get_rbio(SSL *s)
+BIO *SSL_get_rbio(const SSL *s)
{ return(s->rbio); }
-BIO *SSL_get_wbio(SSL *s)
+BIO *SSL_get_wbio(const SSL *s)
{ return(s->wbio); }
-int SSL_get_fd(SSL *s)
+int SSL_get_fd(const SSL *s)
{
return(SSL_get_rfd(s));
}
-int SSL_get_rfd(SSL *s)
+int SSL_get_rfd(const SSL *s)
{
int ret= -1;
BIO *b,*r;
@@ -524,7 +524,7 @@ int SSL_get_rfd(SSL *s)
return(ret);
}
-int SSL_get_wfd(SSL *s)
+int SSL_get_wfd(const SSL *s)
{
int ret= -1;
BIO *b,*r;
@@ -606,7 +606,7 @@ err:
/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(SSL *s, void *buf, size_t count)
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
{
size_t ret = 0;
@@ -621,7 +621,7 @@ size_t SSL_get_finished(SSL *s, void *buf, size_t count)
}
/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
{
size_t ret = 0;
@@ -636,32 +636,32 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
}
-int SSL_get_verify_mode(SSL *s)
+int SSL_get_verify_mode(const SSL *s)
{
return(s->verify_mode);
}
-int SSL_get_verify_depth(SSL *s)
+int SSL_get_verify_depth(const SSL *s)
{
return(s->verify_depth);
}
-int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
+int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
{
return(s->verify_callback);
}
-int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
return(ctx->verify_mode);
}
-int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
return(ctx->verify_depth);
}
-int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
{
return(ctx->default_verify_callback);
}
@@ -684,12 +684,12 @@ void SSL_set_read_ahead(SSL *s,int yes)
s->read_ahead=yes;
}
-int SSL_get_read_ahead(SSL *s)
+int SSL_get_read_ahead(const SSL *s)
{
return(s->read_ahead);
}
-int SSL_pending(SSL *s)
+int SSL_pending(const SSL *s)
{
/* SSL_pending cannot work properly if read-ahead is enabled
* (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
@@ -701,7 +701,7 @@ int SSL_pending(SSL *s)
return(s->method->ssl_pending(s));
}
-X509 *SSL_get_peer_certificate(SSL *s)
+X509 *SSL_get_peer_certificate(const SSL *s)
{
X509 *r;
@@ -717,7 +717,7 @@ X509 *SSL_get_peer_certificate(SSL *s)
return(r);
}
-STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
{
STACK_OF(X509) *r;
@@ -734,7 +734,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
/* Now in theory, since the calling process own 't' it should be safe to
* modify. We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,SSL *f)
+void SSL_copy_session_id(SSL *t,const SSL *f)
{
CERT *tmp;
@@ -763,7 +763,7 @@ void SSL_copy_session_id(SSL *t,SSL *f)
}
/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(SSL_CTX *ctx)
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
if ( (ctx == NULL) ||
(ctx->cert == NULL) ||
@@ -781,7 +781,7 @@ int SSL_CTX_check_private_key(SSL_CTX *ctx)
}
/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(SSL *ssl)
+int SSL_check_private_key(const SSL *ssl)
{
if (ssl == NULL)
{
@@ -825,7 +825,7 @@ int SSL_connect(SSL *s)
return(s->method->ssl_connect(s));
}
-long SSL_get_default_timeout(SSL *s)
+long SSL_get_default_timeout(const SSL *s)
{
return(s->method->get_timeout());
}
@@ -1072,7 +1072,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
/** return a STACK of the ciphers available for the SSL and in order of
* preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{
if (s != NULL)
{
@@ -1109,7 +1109,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
}
/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(SSL *s,int n)
+const char *SSL_get_cipher_list(const SSL *s,int n)
{
SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
@@ -1146,7 +1146,7 @@ int SSL_set_cipher_list(SSL *s,const char *str)
}
/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
+char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
{
char *p;
const char *cp;
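Review bot: SSL_get_shared_ciphers writes into a caller-supplied `buf` bounded by a signed `int len`, yet the only comment on it is `works well for SSLv2, not so good for SSLv3`, which says nothing about the buffer contract. The body is outside this hunk, so whether a zero, negative or very small `len` is rejected before the first write cannot be confirmed from here and is worth checking while the signature is being touched. I would add a comment such as `/* buf must be at least len bytes; TODO: state the minimum len and the truncation behaviour */` and fill in the details from the body.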
@@ -1250,7 +1250,7 @@ err:
return(NULL);
}
-unsigned long SSL_SESSION_hash(SSL_SESSION *a)
+unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
{
unsigned long l;
@@ -1267,7 +1267,7 @@ unsigned long SSL_SESSION_hash(SSL_SESSION *a)
* SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
* able to construct an SSL_SESSION that will collide with any existing session
* with a matching session ID. */
-int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
+int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
{
if (a->ssl_version != b->ssl_version)
return(1);
@@ -1731,7 +1731,7 @@ int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
return(ret);
}
-int SSL_get_error(SSL *s,int i)
+int SSL_get_error(const SSL *s,int i)
{
int reason;
unsigned long l;
@@ -1865,13 +1865,19 @@ int ssl_undefined_function(SSL *s)
return(0);
}
+int ssl_undefined_const_function(const SSL *s)
+ {
+ SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return(0);
+ }
+
SSL_METHOD *ssl_bad_method(int ver)
{
SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return(NULL);
}
-const char *SSL_get_version(SSL *s)
+const char *SSL_get_version(const SSL *s)
{
if (s->version == TLS1_VERSION)
return("TLSv1");
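Review bot: ssl_undefined_const_function is added without a comment, and apart from the parameter type and error code it repeats ssl_undefined_function just above it. A line such as `/* const-argument twin of ssl_undefined_function(), for method-table slots that take a const SSL * */` would tell the next reader why both exist; which slots use it is not visible in this hunk, so adjust the wording to match. The parameter `s` is unused in the body, which is expected for a stub but may warn under stricter compiler flags.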
@@ -2040,7 +2046,7 @@ void ssl_clear_cipher_ctx(SSL *s)
}
/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(SSL *s)
+X509 *SSL_get_certificate(const SSL *s)
{
if (s->cert != NULL)
return(s->cert->key->x509);
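Review bot: SSL_get_certificate now takes `const SSL *s`, but SSL_get_privatekey, which appears in the next hunk header as `EVP_PKEY *SSL_get_privatekey(SSL *s)`, is not among the functions changed in the visible part of this diff, so the two sibling getters end up with different qualifiers. If that getter only reads `s`, I would change it to `EVP_PKEY *SSL_get_privatekey(const SSL *s)` here and in its prototype for consistency; its body is not shown, so this needs checking. SSL_get_certificate continues past the end of this hunk.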
@@ -2057,7 +2063,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
return(NULL);
}
-SSL_CIPHER *SSL_get_current_cipher(SSL *s)
+SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
if ((s->session != NULL) && (s->session->cipher != NULL))
return(s->session->cipher);
@@ -2121,7 +2127,7 @@ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
ctx->quiet_shutdown=mode;
}
-int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
{
return(ctx->quiet_shutdown);
}
@@ -2131,7 +2137,7 @@ void SSL_set_quiet_shutdown(SSL *s,int mode)
s->quiet_shutdown=mode;
}
-int SSL_get_quiet_shutdown(SSL *s)
+int SSL_get_quiet_shutdown(const SSL *s)
{
return(s->quiet_shutdown);
}
@@ -2141,17 +2147,17 @@ void SSL_set_shutdown(SSL *s,int mode)
s->shutdown=mode;
}
-int SSL_get_shutdown(SSL *s)
+int SSL_get_shutdown(const SSL *s)
{
return(s->shutdown);
}
-int SSL_version(SSL *s)
+int SSL_version(const SSL *s)
{
return(s->version);
}
-SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
{
return(ssl->ctx);
}
@@ -2177,12 +2183,12 @@ void SSL_set_info_callback(SSL *ssl,
ssl->info_callback=cb;
}
-void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val)
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val)
{
return ssl->info_callback;
}
-int SSL_state(SSL *ssl)
+int SSL_state(const SSL *ssl)
{
return(ssl->state);
}
@@ -2192,7 +2198,7 @@ void SSL_set_verify_result(SSL *ssl,long arg)
ssl->verify_result=arg;
}
-long SSL_get_verify_result(SSL *ssl)
+long SSL_get_verify_result(const SSL *ssl)
{
return(ssl->verify_result);
}
@@ -2209,7 +2215,7 @@ int SSL_set_ex_data(SSL *s,int idx,void *arg)
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
}
-void *SSL_get_ex_data(SSL *s,int idx)
+void *SSL_get_ex_data(const SSL *s,int idx)
{
return(CRYPTO_get_ex_data(&s->ex_data,idx));
}
@@ -2226,7 +2232,7 @@ int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
}
-void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
+void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
{
return(CRYPTO_get_ex_data(&s->ex_data,idx));
}
@@ -2236,7 +2242,7 @@ int ssl_ok(SSL *s)
return(1);
}
-X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
{
return(ctx->cert_store);
}
@@ -2248,7 +2254,7 @@ void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
ctx->cert_store=store;
}
-int SSL_want(SSL *s)
+int SSL_want(const SSL *s)
{
return(s->rwstate);
}
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ca34c8b8f0..25a144a0d0 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -499,10 +499,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
STACK_OF(SSL_CIPHER) **sorted,
const char *rule_str);
void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
- SSL_COMP **comp);
+int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
+ const EVP_MD **md,SSL_COMP **comp);
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
int ssl_undefined_function(SSL *s);
+int ssl_undefined_const_function(const SSL *s);
X509 *ssl_get_server_send_cert(SSL *);
EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
@@ -536,7 +537,7 @@ long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
-int ssl2_pending(SSL *s);
+int ssl2_pending(const SSL *s);
SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
@@ -584,7 +585,7 @@ long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
-int ssl3_pending(SSL *s);
+int ssl3_pending(const SSL *s);
int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 330390519b..fb0bd4d045 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -804,7 +804,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- (void)ERR_get_error();
+ ERR_clear_error();
else
ret = 0; /* some real error */
}
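Review bot: Replacing `(void)ERR_get_error();` with `ERR_clear_error();` empties the whole error queue rather than removing one entry, so any error queued before the end-of-file marker is discarded along with it when the last entry is `PEM_R_NO_START_LINE`. That includes entries the caller may have had pending before SSL_CTX_use_certificate_chain_file was called, unless the function clears the queue on entry (its start is outside this hunk). I would state the intent next to the call, e.g. `ERR_clear_error(); /* EOF only: drop the whole queue, nothing earlier is worth keeping */`, or confirm that no earlier entry can matter.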
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 8e896870c1..5f12aa361c 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -65,7 +65,7 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-SSL_SESSION *SSL_get_session(SSL *ssl)
+SSL_SESSION *SSL_get_session(const SSL *ssl)
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
{
return(ssl->session);
@@ -98,7 +98,7 @@ int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
}
-void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
{
return(CRYPTO_get_ex_data(&s->ex_data,idx));
}
@@ -610,13 +610,13 @@ long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
return(1);
}
-long SSL_SESSION_get_timeout(SSL_SESSION *s)
+long SSL_SESSION_get_timeout(const SSL_SESSION *s)
{
if (s == NULL) return(0);
return(s->timeout);
}
-long SSL_SESSION_get_time(SSL_SESSION *s)
+long SSL_SESSION_get_time(const SSL_SESSION *s)
{
if (s == NULL) return(0);
return(s->time);
@@ -638,7 +638,7 @@ long SSL_CTX_set_timeout(SSL_CTX *s, long t)
return(l);
}
-long SSL_CTX_get_timeout(SSL_CTX *s)
+long SSL_CTX_get_timeout(const SSL_CTX *s)
{
if (s == NULL) return(0);
return(s->session_timeout);
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 40b76b1b26..8655a31333 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -61,7 +61,7 @@
#include "ssl_locl.h"
#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
{
BIO *b;
int ret;
@@ -78,7 +78,7 @@ int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
}
#endif
-int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
+int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
unsigned int i;
char *s;