Commit ccd86b68 authored by Geoff Thorpe's avatar Geoff Thorpe
Browse files

The previous commit to crypto/stack/*.[ch] pulled the type-safety strings 

yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
parent 7bb70435

CHANGES

+9 −0
Original line number Diff line number Diff line
@@ -4,6 +4,15 @@ 


 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]



  *) The STACK code has been cleaned up, and certain type declarations

     that didn't make a lot of sense have been brought in line. This has

     also involved a cleanup of sorts in safestack.h to more correctly

     map type-safe stack functions onto their plain stack counterparts.

     This work has also resulted in a variety of "const"ifications of

     lots of the code, especially "_cmp" operations which should normally

     be prototyped with "const" parameters anyway.

     [Geoff Thorpe]



  *) When generating bytes for the first time in md_rand.c, 'stir the pool'

     by seeding with STATE_SIZE dummy bytes (with zero entropy count).

     (The PRNG state consists of two parts, the large pool 'state' and 'md',

crypto/asn1/a_strnid.c

+4 −2
Original line number Diff line number Diff line
@@ -65,7 +65,8 @@ 


static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;

static void st_free(ASN1_STRING_TABLE *tbl);

static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);

static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,

			const ASN1_STRING_TABLE * const *b);

static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
@@ -173,7 +174,8 @@ static ASN1_STRING_TABLE tbl_standard[] = { 
{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}

};



static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)

static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,

			const ASN1_STRING_TABLE * const *b)

{

	return (*a)->nid - (*b)->nid;

}

crypto/asn1/x_crl.c

+10 −5
Original line number Diff line number Diff line
@@ -61,8 +61,10 @@ 
#include <openssl/asn1_mac.h>

#include <openssl/x509.h>



static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);

static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);

static int X509_REVOKED_cmp(const X509_REVOKED * const *a,

				const X509_REVOKED * const *b);

static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,

				const X509_REVOKED * const *b);

int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)

	{

	M_ASN1_I2D_vars(a);
@@ -100,7 +102,8 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) 
	{

	int v1=0;

	long l=0;

	int (*old_cmp)(X509_REVOKED **,X509_REVOKED **);

	int (*old_cmp)(const X509_REVOKED * const *,

			const X509_REVOKED * const *);

	M_ASN1_I2D_vars(a);

	

	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
@@ -325,14 +328,16 @@ void X509_CRL_free(X509_CRL *a) 
	Free(a);

	}



static int X509_REVOKED_cmp(X509_REVOKED **a, X509_REVOKED **b)

static int X509_REVOKED_cmp(const X509_REVOKED * const *a,

			const X509_REVOKED * const *b)

	{

	return(ASN1_STRING_cmp(

		(ASN1_STRING *)(*a)->serialNumber,

		(ASN1_STRING *)(*b)->serialNumber));

	}



static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b)

static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,

				const X509_REVOKED * const *b)

	{

	return((*a)->sequence-(*b)->sequence);

	}

crypto/pkcs7/pk7_mime.c

+8 −4
Original line number Diff line number Diff line
@@ -94,8 +94,10 @@ static char * strip_end(char *name); 
static MIME_HEADER *mime_hdr_new(char *name, char *value);

static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);

static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);

static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);

static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);

static int mime_hdr_cmp(const MIME_HEADER * const *a,

			const MIME_HEADER * const *b);

static int mime_param_cmp(const MIME_PARAM * const *a,

			const MIME_PARAM * const *b);

static void mime_param_free(MIME_PARAM *param);

static int mime_bound_check(char *line, int linelen, char *bound, int blen);

static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
@@ -614,12 +616,14 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) 
	return 1;

}



static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)

static int mime_hdr_cmp(const MIME_HEADER * const *a,

			const MIME_HEADER * const *b)

{

	return(strcmp((*a)->name, (*b)->name));

}



static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)

static int mime_param_cmp(const MIME_PARAM * const *a,

			const MIME_PARAM * const *b)

{

	return(strcmp((*a)->param_name, (*b)->param_name));

}

crypto/x509/x509.h

+14 −11
Original line number Diff line number Diff line
@@ -659,10 +659,13 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); 
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);

int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);



int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);

int X509_CRL_digest(X509_CRL *data,const EVP_MD *type,unsigned char *md,unsigned int *len);

int X509_REQ_digest(X509_REQ *data,const EVP_MD *type,unsigned char *md,unsigned int *len);

int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,

int X509_digest(const X509 *data,const EVP_MD *type,

		unsigned char *md, unsigned int *len);

int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,

		unsigned char *md, unsigned int *len);

int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,

		unsigned char *md, unsigned int *len);

int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,

		unsigned char *md, unsigned int *len);

#endif
@@ -963,20 +966,20 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, 


int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);



int		X509_issuer_and_serial_cmp(X509 *a, X509 *b);

int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);

unsigned long	X509_issuer_and_serial_hash(X509 *a);



int		X509_issuer_name_cmp(X509 *a, X509 *b);

int		X509_issuer_name_cmp(const X509 *a, const X509 *b);

unsigned long	X509_issuer_name_hash(X509 *a);



int		X509_subject_name_cmp(X509 *a,X509 *b);

int		X509_subject_name_cmp(const X509 *a, const X509 *b);

unsigned long	X509_subject_name_hash(X509 *x);



int		X509_cmp (X509 *a, X509 *b);

int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);

int		X509_cmp(const X509 *a, const X509 *b);

int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);

unsigned long	X509_NAME_hash(X509_NAME *x);



int		X509_CRL_cmp(X509_CRL *a,X509_CRL *b);

int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);

#ifndef NO_FP_API

int		X509_print_fp(FILE *bp,X509 *x);

int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);