Google Git
Sign in
boringssl/boringssl.git/04b2d6162ad817e3b59602c7e5dab5619e8e5b79^!/.
commit
04b2d6162ad817e3b59602c7e5dab5619e8e5b79
[log]
author
David Benjamin <davidben@google.com>
Mon Dec 25 17:12:27 2023 -0500
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Wed Jan 10 18:10:20 2024 +0000
tree
2e97fa4b5de1c34e6d8c8d4d15079c59824f26f3
parent
e9539957ce42b07dc6f8b9bd23c28c7d2ef2bd3b [diff]
Const-correct a bunch of X509_STORE_CTX functions

Change-Id: I58e66f300b4705d03ae642ac421a67cb12f0312f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65148
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 539d6fa..bda1a3e 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c

@@ -587,4 +587,6 @@
   ctx->check_crl = check_crl;
 }
 
-X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) { return ctx->ctx; }
+X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx) {
+  return ctx->ctx;
+}

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index a19dd44..f8f152b 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c

@@ -1427,40 +1427,40 @@
   return CRYPTO_get_ex_data(&ctx->ex_data, idx);
 }
 
-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { return ctx->error; }
+int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx) { return ctx->error; }
 
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) {
   ctx->error = err;
 }
 
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) {
+int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx) {
   return ctx->error_depth;
 }
 
-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) {
+X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx) {
   return ctx->current_cert;
 }
 
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) {
+STACK_OF(X509) *X509_STORE_CTX_get_chain(const X509_STORE_CTX *ctx) {
   return ctx->chain;
 }
 
-STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) {
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx) {
   return ctx->chain;
 }
 
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) {
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx) {
   if (!ctx->chain) {
     return NULL;
   }
   return X509_chain_up_ref(ctx->chain);
 }
 
-X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) {
+X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx) {
   return ctx->current_crl;
 }
 
-X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) {
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx) {
   // In OpenSSL, an |X509_STORE_CTX| sometimes has a parent context during CRL
   // path validation for indirect CRLs. We require the CRL to be issued
   // somewhere along the certificate path, so this is always NULL.
@@ -1471,7 +1471,7 @@
   ctx->untrusted = sk;
 }
 
-STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) {
+STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx) {
   return ctx->untrusted;
 }
 
@@ -1650,9 +1650,7 @@
   X509_STORE_CTX_set_time_posix(ctx, flags, t);
 }
 
-X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) {
-  return ctx->cert;
-}
+X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx) { return ctx->cert; }
 
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
                                   int (*verify_cb)(int, X509_STORE_CTX *)) {

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 9a51f11..218cf40 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h

@@ -3396,7 +3396,7 @@
 
 // X509_STORE_CTX_get0_parent_ctx returns NULL.
 OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(
-    X509_STORE_CTX *ctx);
+    const X509_STORE_CTX *ctx);
 
 // X509_OBJECT_free_contents sets |obj| to the empty object, freeing any values
 // that were previously there.
@@ -3430,7 +3430,8 @@
 #define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
 
 // X509_STORE_CTX_get_chain is a legacy alias for |X509_STORE_CTX_get0_chain|.
-OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(
+    const X509_STORE_CTX *ctx);
 
 // X509_STORE_CTX_trusted_stack is a deprecated alias for
 // |X509_STORE_CTX_set0_trusted_stack|.
@@ -3899,11 +3900,11 @@
                                                       STACK_OF(X509) *sk);
 
 // X509_STORE_CTX_get0_store returns the |X509_STORE| that |ctx| uses.
-OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
 
 // X509_STORE_CTX_get0_cert returns the leaf certificate that |ctx| is
 // verifying.
-OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
 
 OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v,
                                                   const X509_LOOKUP_METHOD *m);
@@ -3940,7 +3941,7 @@
 //
 // If called during the deprecated verification callback when |ok| is zero, it
 // returns the current error under consideration.
-OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx);
 
 // X509_STORE_CTX_set_error sets |ctx|'s error to |err|, which should be
 // |X509_V_OK| or an |X509_V_ERR_*| constant. It is not expected to be called in
@@ -3953,10 +3954,11 @@
 // by |X509_STORE_CTX_get_error| occured. This is zero-indexed integer into the
 // certificate chain. Zero indicates the target certificate, one its issuer, and
 // so on.
-OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
 
-OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
+OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(
+    const X509_STORE_CTX *ctx);
 
 // X509_STORE_CTX_get0_chain, after a successful |X509_verify_cert| call,
 // returns the verified certificate chain. The chain begins with the leaf and
@@ -3966,16 +3968,18 @@
 // verification callback, it returns the partial chain built so far. Callers
 // should avoid relying on this as this exposes unstable library implementation
 // details.
-OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(
+    const X509_STORE_CTX *ctx);
 
 // X509_STORE_CTX_get1_chain behaves like |X509_STORE_CTX_get0_chain| but
 // returns a newly-allocated |STACK_OF(X509)| containing the completed chain,
 // with each certificate's reference count incremented. Callers must free the
 // result with |sk_X509_pop_free| and |X509_free| when done.
-OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(
+    const X509_STORE_CTX *ctx);
 
 OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(
-    X509_STORE_CTX *ctx);
+    const X509_STORE_CTX *ctx);
 OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,
                                              STACK_OF(X509_CRL) *sk);
 OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);