Const-correct a few X509_PURPOSE and X509_TRUST functions

These bits need more work (and possibly some removal) as they're very,
very far from thread-safe, but rust-openssl relies on them being
const-correct when targetting OpenSSL 1.1.x.

Change-Id: I60531c7e90dbdbcb79c09fc440bd7c6b474172df
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60607
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 13e5eca..71cf71d 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -168,7 +168,7 @@
 }
 
 int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-                   char *name, int arg1, void *arg2) {
+                   const char *name, int arg1, void *arg2) {
   int idx;
   X509_TRUST *trtmp;
   char *name_dup;
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 34ce33e..1f5a88c 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -177,10 +177,9 @@
   return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
 }
 
-int X509_PURPOSE_get_by_sname(char *sname) {
-  int i;
+int X509_PURPOSE_get_by_sname(const char *sname) {
   X509_PURPOSE *xptmp;
-  for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+  for (int i = 0; i < X509_PURPOSE_get_count(); i++) {
     xptmp = X509_PURPOSE_get0(i);
     if (!strcmp(xptmp->sname, sname)) {
       return i;
@@ -209,8 +208,7 @@
 
 int X509_PURPOSE_add(int id, int trust, int flags,
                      int (*ck)(const X509_PURPOSE *, const X509 *, int),
-                     char *name, char *sname, void *arg) {
-  int idx;
+                     const char *name, const char *sname, void *arg) {
   X509_PURPOSE *ptmp;
   char *name_dup, *sname_dup;
 
@@ -219,7 +217,7 @@
   // This will always be set for application modified trust entries
   flags |= X509_PURPOSE_DYNAMIC_NAME;
   // Get existing entry if any
-  idx = X509_PURPOSE_get_by_id(id);
+  int idx = X509_PURPOSE_get_by_id(id);
   // Need a new entry
   if (idx == -1) {
     if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index b2ac3db..c41b3a5 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -2529,7 +2529,7 @@
 OPENSSL_EXPORT int X509_TRUST_get_by_id(int id);
 OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
                                   int (*ck)(X509_TRUST *, X509 *, int),
-                                  char *name, int arg1, void *arg2);
+                                  const char *name, int arg1, void *arg2);
 OPENSSL_EXPORT void X509_TRUST_cleanup(void);
 OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
 OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index f5ea413..2a2e02c 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -906,12 +906,13 @@
 
 OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
 OPENSSL_EXPORT X509_PURPOSE *X509_PURPOSE_get0(int idx);
-OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname);
+OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(const char *sname);
 OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id);
 OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags,
                                     int (*ck)(const X509_PURPOSE *,
                                               const X509 *, int),
-                                    char *name, char *sname, void *arg);
+                                    const char *name, const char *sname,
+                                    void *arg);
 OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
 OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
 OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);