Mark all SSL_CIPHERs as const.
This lets us put the SSL_CIPHER table in the data section. For type-checking,
make STACK_OF(SSL_CIPHER) cast everything to const SSL_CIPHER*.
Note that this will require some changes in consumers which weren't using a
const SSL_CIPHER *.
Change-Id: Iff734ac0e36f9e5c4a0f3c8411c7f727b820469c
Reviewed-on: https://boringssl-review.googlesource.com/1541
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/stack/make_macros.sh b/crypto/stack/make_macros.sh
index 84ca478..f72aa33 100644
--- a/crypto/stack/make_macros.sh
+++ b/crypto/stack/make_macros.sh
@@ -1,6 +1,8 @@
#!/bin/sh
-cat > stack_macros.h << EOF
+include_dir=../../include/openssl
+
+cat > "${include_dir}/stack_macros.h" << EOF
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -23,12 +25,12 @@
output_stack () {
type=$1
- star=$2
+ ptrtype=$2
- cat >> stack_macros.h << EOF
+ cat >> "${include_dir}/stack_macros.h" << EOF
/* ${type} */
#define sk_${type}_new(comp)\\
- ((STACK_OF(${type})*) sk_new(CHECKED_CAST(stack_cmp_func, int (*) (const ${type} *${star}a, const ${type} *${star}b), comp)))
+ ((STACK_OF(${type})*) sk_new(CHECKED_CAST(stack_cmp_func, int (*) (const ${ptrtype} *a, const ${ptrtype} *b), comp)))
#define sk_${type}_new_null()\\
((STACK_OF(${type})*) sk_new_null())
@@ -40,37 +42,37 @@
sk_zero(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk));
#define sk_${type}_value(sk, i)\\
- ((${type}${star}) sk_value(CHECKED_CAST(_STACK*, const STACK_OF(${type})*, sk), (i)))
+ ((${ptrtype}) sk_value(CHECKED_CAST(_STACK*, const STACK_OF(${type})*, sk), (i)))
#define sk_${type}_set(sk, i, p)\\
- ((${type}${star}) sk_set(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), (i), CHECKED_CAST(void*, ${type}${star}, p)))
+ ((${ptrtype}) sk_set(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), (i), CHECKED_CAST(void*, ${ptrtype}, p)))
#define sk_${type}_free(sk)\\
sk_free(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk))
#define sk_${type}_pop_free(sk, free_func)\\
- sk_pop_free(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void (*) (void*), void (*) (${type}${star}), free_func))
+ sk_pop_free(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void (*) (void*), void (*) (${ptrtype}), free_func))
#define sk_${type}_insert(sk, p, where)\\
- sk_insert(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void*, ${type}${star}, p), (where))
+ sk_insert(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void*, ${ptrtype}, p), (where))
#define sk_${type}_delete(sk, where)\\
- ((${type}${star}) sk_delete(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), (where)))
+ ((${ptrtype}) sk_delete(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), (where)))
#define sk_${type}_delete_ptr(sk, p)\\
- ((${type}${star}) sk_delete_ptr(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void*, ${type}${star}, p)))
+ ((${ptrtype}) sk_delete_ptr(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void*, ${ptrtype}, p)))
#define sk_${type}_find(sk, out_index, p)\\
- sk_find(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), (out_index), CHECKED_CAST(void*, ${type}${star}, p))
+ sk_find(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), (out_index), CHECKED_CAST(void*, ${ptrtype}, p))
#define sk_${type}_shift(sk)\\
- ((${type}${star}) sk_shift(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk)))
+ ((${ptrtype}) sk_shift(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk)))
#define sk_${type}_push(sk, p)\\
- sk_push(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void*, ${type}${star}, p))
+ sk_push(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(void*, ${ptrtype}, p))
#define sk_${type}_pop(sk)\\
- ((${type}${star}) sk_pop(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk)))
+ ((${ptrtype}) sk_pop(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk)))
#define sk_${type}_dup(sk)\\
((STACK_OF(${type})*) sk_dup(CHECKED_CAST(_STACK*, const STACK_OF(${type})*, sk)))
@@ -88,17 +90,23 @@
EOF
}
-stack_types=$(cat stack.h | grep '^ \* STACK_OF:' | sed -e 's/.*STACK_OF://' -e 's/ .*//')
-special_stack_types=$(cat stack.h | grep '^ \* SPECIAL_STACK_OF:' | sed -e 's/.*SPECIAL_STACK_OF://' -e 's/ .*//')
+stack_types=$(cat "${include_dir}/stack.h" | grep '^ \* STACK_OF:' | sed -e 's/.*STACK_OF://' -e 's/ .*//')
+const_stack_types=$(cat "${include_dir}/stack.h" | grep '^ \* CONST_STACK_OF:' | sed -e 's/.*CONST_STACK_OF://' -e 's/ .*//')
+special_stack_types=$(cat "${include_dir}/stack.h" | grep '^ \* SPECIAL_STACK_OF:' | sed -e 's/.*SPECIAL_STACK_OF://' -e 's/ .*//')
for type in $stack_types; do
echo Stack of ${type}
- output_stack "${type}" "*"
+ output_stack "${type}" "${type} *"
+done
+
+for type in $const_stack_types; do
+ echo Stack of ${type}
+ output_stack "${type}" "const ${type} *"
done
for type in $special_stack_types; do
echo Stack of ${type}
- output_stack "${type}" ""
+ output_stack "${type}" "${type}"
done
-clang-format -i stack_macros.h
+clang-format -i "${include_dir}/stack_macros.h"
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 49fccd8..c48be73 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -333,7 +333,7 @@
DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg);
#ifndef OPENSSL_NO_SSL_INTERN
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
index 55e9508..0fb95cb 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -146,7 +146,6 @@
* STACK_OF:POLICYQUALINFO
* STACK_OF:POLICY_MAPPING
* STACK_OF:SRTP_PROTECTION_PROFILE
- * STACK_OF:SSL_CIPHER
* STACK_OF:SSL_COMP
* STACK_OF:STACK_OF_X509_NAME_ENTRY
* STACK_OF:SXNETID
@@ -160,7 +159,6 @@
* STACK_OF:X509_LOOKUP
* STACK_OF:X509_NAME
* STACK_OF:X509_NAME_ENTRY
- * STACK_OF:X509_NAME_ENTRY
* STACK_OF:X509_OBJECT
* STACK_OF:X509_POLICY_DATA
* STACK_OF:X509_POLICY_NODE
@@ -168,7 +166,12 @@
* STACK_OF:X509_REVOKED
* STACK_OF:X509_TRUST
* STACK_OF:X509_VERIFY_PARAM
- * STACK_OF:void */
+ * STACK_OF:void
+ *
+ * We declare STACK_OF(SSL_CIPHER) differently; every SSL_CIPHER is const,
+ * so the stack should return const pointers to retain type-checking.
+ *
+ * CONST_STACK_OF:SSL_CIPHER */
/* Some stacks are special because, although we would like STACK_OF(char *),
diff --git a/include/openssl/stack_macros.h b/include/openssl/stack_macros.h
index 52924c8..0370899 100644
--- a/include/openssl/stack_macros.h
+++ b/include/openssl/stack_macros.h
@@ -96,6 +96,7 @@
const ACCESS_DESCRIPTION **b), \
comp)))
+
/* ASN1_ADB_TABLE */
#define sk_ASN1_ADB_TABLE_new(comp) \
((STACK_OF(ASN1_ADB_TABLE) *)sk_new(CHECKED_CAST( \
@@ -174,6 +175,7 @@
const ASN1_ADB_TABLE **b), \
comp)))
+
/* ASN1_GENERALSTRING */
#define sk_ASN1_GENERALSTRING_new(comp) \
((STACK_OF(ASN1_GENERALSTRING) *)sk_new(CHECKED_CAST( \
@@ -254,6 +256,7 @@
const ASN1_GENERALSTRING **b), \
comp)))
+
/* ASN1_INTEGER */
#define sk_ASN1_INTEGER_new(comp) \
((STACK_OF(ASN1_INTEGER) *)sk_new(CHECKED_CAST( \
@@ -330,6 +333,7 @@
int (*)(const ASN1_INTEGER **a, const ASN1_INTEGER **b), \
comp)))
+
/* ASN1_OBJECT */
#define sk_ASN1_OBJECT_new(comp) \
((STACK_OF(ASN1_OBJECT) *)sk_new(CHECKED_CAST( \
@@ -404,6 +408,7 @@
int (*)(const ASN1_OBJECT **a, const ASN1_OBJECT **b), \
comp)))
+
/* ASN1_STRING_TABLE */
#define sk_ASN1_STRING_TABLE_new(comp) \
((STACK_OF(ASN1_STRING_TABLE) *)sk_new(CHECKED_CAST( \
@@ -484,6 +489,7 @@
const ASN1_STRING_TABLE **b), \
comp)))
+
/* ASN1_TYPE */
#define sk_ASN1_TYPE_new(comp) \
((STACK_OF(ASN1_TYPE) *)sk_new( \
@@ -557,6 +563,7 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const ASN1_TYPE **a, const ASN1_TYPE **b), comp)))
+
/* ASN1_VALUE */
#define sk_ASN1_VALUE_new(comp) \
((STACK_OF(ASN1_VALUE) *)sk_new(CHECKED_CAST( \
@@ -631,6 +638,7 @@
int (*)(const ASN1_VALUE **a, const ASN1_VALUE **b), \
comp)))
+
/* BIO */
#define sk_BIO_new(comp) \
((STACK_OF(BIO) *)sk_new(CHECKED_CAST( \
@@ -694,6 +702,7 @@
CHECKED_CAST(stack_cmp_func, int (*)(const BIO **a, const BIO **b), \
comp)))
+
/* BY_DIR_ENTRY */
#define sk_BY_DIR_ENTRY_new(comp) \
((STACK_OF(BY_DIR_ENTRY) *)sk_new(CHECKED_CAST( \
@@ -770,6 +779,7 @@
int (*)(const BY_DIR_ENTRY **a, const BY_DIR_ENTRY **b), \
comp)))
+
/* BY_DIR_HASH */
#define sk_BY_DIR_HASH_new(comp) \
((STACK_OF(BY_DIR_HASH) *)sk_new(CHECKED_CAST( \
@@ -844,6 +854,7 @@
int (*)(const BY_DIR_HASH **a, const BY_DIR_HASH **b), \
comp)))
+
/* CONF_VALUE */
#define sk_CONF_VALUE_new(comp) \
((STACK_OF(CONF_VALUE) *)sk_new(CHECKED_CAST( \
@@ -918,6 +929,7 @@
int (*)(const CONF_VALUE **a, const CONF_VALUE **b), \
comp)))
+
/* CRYPTO_EX_DATA_FUNCS */
#define sk_CRYPTO_EX_DATA_FUNCS_new(comp) \
((STACK_OF(CRYPTO_EX_DATA_FUNCS) *)sk_new(CHECKED_CAST( \
@@ -1000,6 +1012,7 @@
const CRYPTO_EX_DATA_FUNCS **b), \
comp)))
+
/* DIST_POINT */
#define sk_DIST_POINT_new(comp) \
((STACK_OF(DIST_POINT) *)sk_new(CHECKED_CAST( \
@@ -1074,6 +1087,7 @@
int (*)(const DIST_POINT **a, const DIST_POINT **b), \
comp)))
+
/* GENERAL_NAME */
#define sk_GENERAL_NAME_new(comp) \
((STACK_OF(GENERAL_NAME) *)sk_new(CHECKED_CAST( \
@@ -1150,6 +1164,7 @@
int (*)(const GENERAL_NAME **a, const GENERAL_NAME **b), \
comp)))
+
/* GENERAL_NAMES */
#define sk_GENERAL_NAMES_new(comp) \
((STACK_OF(GENERAL_NAMES) *)sk_new(CHECKED_CAST( \
@@ -1227,6 +1242,7 @@
int (*)(const GENERAL_NAMES **a, const GENERAL_NAMES **b), \
comp)))
+
/* GENERAL_SUBTREE */
#define sk_GENERAL_SUBTREE_new(comp) \
((STACK_OF(GENERAL_SUBTREE) *)sk_new(CHECKED_CAST( \
@@ -1306,6 +1322,7 @@
const GENERAL_SUBTREE **b), \
comp)))
+
/* MIME_HEADER */
#define sk_MIME_HEADER_new(comp) \
((STACK_OF(MIME_HEADER) *)sk_new(CHECKED_CAST( \
@@ -1380,6 +1397,7 @@
int (*)(const MIME_HEADER **a, const MIME_HEADER **b), \
comp)))
+
/* PKCS7_SIGNER_INFO */
#define sk_PKCS7_SIGNER_INFO_new(comp) \
((STACK_OF(PKCS7_SIGNER_INFO) *)sk_new(CHECKED_CAST( \
@@ -1460,6 +1478,7 @@
const PKCS7_SIGNER_INFO **b), \
comp)))
+
/* PKCS7_RECIP_INFO */
#define sk_PKCS7_RECIP_INFO_new(comp) \
((STACK_OF(PKCS7_RECIP_INFO) *)sk_new(CHECKED_CAST( \
@@ -1539,6 +1558,7 @@
const PKCS7_RECIP_INFO **b), \
comp)))
+
/* POLICYINFO */
#define sk_POLICYINFO_new(comp) \
((STACK_OF(POLICYINFO) *)sk_new(CHECKED_CAST( \
@@ -1613,6 +1633,7 @@
int (*)(const POLICYINFO **a, const POLICYINFO **b), \
comp)))
+
/* POLICYQUALINFO */
#define sk_POLICYQUALINFO_new(comp) \
((STACK_OF(POLICYQUALINFO) *)sk_new(CHECKED_CAST( \
@@ -1691,6 +1712,7 @@
const POLICYQUALINFO **b), \
comp)))
+
/* POLICY_MAPPING */
#define sk_POLICY_MAPPING_new(comp) \
((STACK_OF(POLICY_MAPPING) *)sk_new(CHECKED_CAST( \
@@ -1769,6 +1791,7 @@
const POLICY_MAPPING **b), \
comp)))
+
/* SRTP_PROTECTION_PROFILE */
#define sk_SRTP_PROTECTION_PROFILE_new(comp) \
((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_new( \
@@ -1854,79 +1877,6 @@
const SRTP_PROTECTION_PROFILE **b), \
comp)))
-/* SSL_CIPHER */
-#define sk_SSL_CIPHER_new(comp) \
- ((STACK_OF(SSL_CIPHER) *)sk_new(CHECKED_CAST( \
- stack_cmp_func, int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b), \
- comp)))
-
-#define sk_SSL_CIPHER_new_null() ((STACK_OF(SSL_CIPHER) *)sk_new_null())
-
-#define sk_SSL_CIPHER_num(sk) \
- sk_num(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk))
-
-#define sk_SSL_CIPHER_zero(sk) \
- sk_zero(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk));
-
-#define sk_SSL_CIPHER_value(sk, i) \
- ((SSL_CIPHER *)sk_value( \
- CHECKED_CAST(_STACK *, const STACK_OF(SSL_CIPHER) *, sk), (i)))
-
-#define sk_SSL_CIPHER_set(sk, i, p) \
- ((SSL_CIPHER *)sk_set(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
- (i), CHECKED_CAST(void *, SSL_CIPHER *, p)))
-
-#define sk_SSL_CIPHER_free(sk) \
- sk_free(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk))
-
-#define sk_SSL_CIPHER_pop_free(sk, free_func) \
- sk_pop_free( \
- CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
- CHECKED_CAST(void (*)(void *), void (*)(SSL_CIPHER *), free_func))
-
-#define sk_SSL_CIPHER_insert(sk, p, where) \
- sk_insert(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
- CHECKED_CAST(void *, SSL_CIPHER *, p), (where))
-
-#define sk_SSL_CIPHER_delete(sk, where) \
- ((SSL_CIPHER *)sk_delete(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
- (where)))
-
-#define sk_SSL_CIPHER_delete_ptr(sk, p) \
- ((SSL_CIPHER *)sk_delete_ptr( \
- CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
- CHECKED_CAST(void *, SSL_CIPHER *, p)))
-
-#define sk_SSL_CIPHER_find(sk, out_index, p) \
- sk_find(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), (out_index), \
- CHECKED_CAST(void *, SSL_CIPHER *, p))
-
-#define sk_SSL_CIPHER_shift(sk) \
- ((SSL_CIPHER *)sk_shift(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk)))
-
-#define sk_SSL_CIPHER_push(sk, p) \
- sk_push(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
- CHECKED_CAST(void *, SSL_CIPHER *, p))
-
-#define sk_SSL_CIPHER_pop(sk) \
- ((SSL_CIPHER *)sk_pop(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk)))
-
-#define sk_SSL_CIPHER_dup(sk) \
- ((STACK_OF(SSL_CIPHER) *)sk_dup( \
- CHECKED_CAST(_STACK *, const STACK_OF(SSL_CIPHER) *, sk)))
-
-#define sk_SSL_CIPHER_sort(sk) \
- sk_sort(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk))
-
-#define sk_SSL_CIPHER_is_sorted(sk) \
- sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(SSL_CIPHER) *, sk))
-
-#define sk_SSL_CIPHER_set_cmp_func(sk, comp) \
- ((int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b))sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
- CHECKED_CAST(stack_cmp_func, \
- int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b), \
- comp)))
/* SSL_COMP */
#define sk_SSL_COMP_new(comp) \
@@ -1998,6 +1948,7 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const SSL_COMP **a, const SSL_COMP **b), comp)))
+
/* STACK_OF_X509_NAME_ENTRY */
#define sk_STACK_OF_X509_NAME_ENTRY_new(comp) \
((STACK_OF(STACK_OF_X509_NAME_ENTRY) *)sk_new(CHECKED_CAST( \
@@ -2084,6 +2035,7 @@
const STACK_OF_X509_NAME_ENTRY **b), \
comp)))
+
/* SXNETID */
#define sk_SXNETID_new(comp) \
((STACK_OF(SXNETID) *)sk_new(CHECKED_CAST( \
@@ -2154,6 +2106,7 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const SXNETID **a, const SXNETID **b), comp)))
+
/* X509 */
#define sk_X509_new(comp) \
((STACK_OF(X509) *)sk_new(CHECKED_CAST( \
@@ -2217,6 +2170,7 @@
CHECKED_CAST(stack_cmp_func, int (*)(const X509 **a, const X509 **b), \
comp)))
+
/* X509V3_EXT_METHOD */
#define sk_X509V3_EXT_METHOD_new(comp) \
((STACK_OF(X509V3_EXT_METHOD) *)sk_new(CHECKED_CAST( \
@@ -2297,6 +2251,7 @@
const X509V3_EXT_METHOD **b), \
comp)))
+
/* X509_ALGOR */
#define sk_X509_ALGOR_new(comp) \
((STACK_OF(X509_ALGOR) *)sk_new(CHECKED_CAST( \
@@ -2371,6 +2326,7 @@
int (*)(const X509_ALGOR **a, const X509_ALGOR **b), \
comp)))
+
/* X509_ATTRIBUTE */
#define sk_X509_ATTRIBUTE_new(comp) \
((STACK_OF(X509_ATTRIBUTE) *)sk_new(CHECKED_CAST( \
@@ -2449,6 +2405,7 @@
const X509_ATTRIBUTE **b), \
comp)))
+
/* X509_CRL */
#define sk_X509_CRL_new(comp) \
((STACK_OF(X509_CRL) *)sk_new(CHECKED_CAST( \
@@ -2519,6 +2476,7 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const X509_CRL **a, const X509_CRL **b), comp)))
+
/* X509_EXTENSION */
#define sk_X509_EXTENSION_new(comp) \
((STACK_OF(X509_EXTENSION) *)sk_new(CHECKED_CAST( \
@@ -2597,6 +2555,7 @@
const X509_EXTENSION **b), \
comp)))
+
/* X509_INFO */
#define sk_X509_INFO_new(comp) \
((STACK_OF(X509_INFO) *)sk_new( \
@@ -2670,6 +2629,7 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const X509_INFO **a, const X509_INFO **b), comp)))
+
/* X509_LOOKUP */
#define sk_X509_LOOKUP_new(comp) \
((STACK_OF(X509_LOOKUP) *)sk_new(CHECKED_CAST( \
@@ -2744,6 +2704,7 @@
int (*)(const X509_LOOKUP **a, const X509_LOOKUP **b), \
comp)))
+
/* X509_NAME */
#define sk_X509_NAME_new(comp) \
((STACK_OF(X509_NAME) *)sk_new( \
@@ -2817,84 +2778,6 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const X509_NAME **a, const X509_NAME **b), comp)))
-/* X509_NAME_ENTRY */
-#define sk_X509_NAME_ENTRY_new(comp) \
- ((STACK_OF(X509_NAME_ENTRY) *)sk_new(CHECKED_CAST( \
- stack_cmp_func, \
- int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b), comp)))
-
-#define sk_X509_NAME_ENTRY_new_null() \
- ((STACK_OF(X509_NAME_ENTRY) *)sk_new_null())
-
-#define sk_X509_NAME_ENTRY_num(sk) \
- sk_num(CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk))
-
-#define sk_X509_NAME_ENTRY_zero(sk) \
- sk_zero(CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk));
-
-#define sk_X509_NAME_ENTRY_value(sk, i) \
- ((X509_NAME_ENTRY *)sk_value( \
- CHECKED_CAST(_STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk), (i)))
-
-#define sk_X509_NAME_ENTRY_set(sk, i, p) \
- ((X509_NAME_ENTRY *)sk_set( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), (i), \
- CHECKED_CAST(void *, X509_NAME_ENTRY *, p)))
-
-#define sk_X509_NAME_ENTRY_free(sk) \
- sk_free(CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk))
-
-#define sk_X509_NAME_ENTRY_pop_free(sk, free_func) \
- sk_pop_free( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
- CHECKED_CAST(void (*)(void *), void (*)(X509_NAME_ENTRY *), free_func))
-
-#define sk_X509_NAME_ENTRY_insert(sk, p, where) \
- sk_insert(CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
- CHECKED_CAST(void *, X509_NAME_ENTRY *, p), (where))
-
-#define sk_X509_NAME_ENTRY_delete(sk, where) \
- ((X509_NAME_ENTRY *)sk_delete( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), (where)))
-
-#define sk_X509_NAME_ENTRY_delete_ptr(sk, p) \
- ((X509_NAME_ENTRY *)sk_delete_ptr( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
- CHECKED_CAST(void *, X509_NAME_ENTRY *, p)))
-
-#define sk_X509_NAME_ENTRY_find(sk, out_index, p) \
- sk_find(CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
- (out_index), CHECKED_CAST(void *, X509_NAME_ENTRY *, p))
-
-#define sk_X509_NAME_ENTRY_shift(sk) \
- ((X509_NAME_ENTRY *)sk_shift( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk)))
-
-#define sk_X509_NAME_ENTRY_push(sk, p) \
- sk_push(CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
- CHECKED_CAST(void *, X509_NAME_ENTRY *, p))
-
-#define sk_X509_NAME_ENTRY_pop(sk) \
- ((X509_NAME_ENTRY *)sk_pop( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk)))
-
-#define sk_X509_NAME_ENTRY_dup(sk) \
- ((STACK_OF(X509_NAME_ENTRY) *)sk_dup( \
- CHECKED_CAST(_STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk)))
-
-#define sk_X509_NAME_ENTRY_sort(sk) \
- sk_sort(CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk))
-
-#define sk_X509_NAME_ENTRY_is_sorted(sk) \
- sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk))
-
-#define sk_X509_NAME_ENTRY_set_cmp_func(sk, comp) \
- ((int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509_NAME_ENTRY **a, \
- const X509_NAME_ENTRY **b), \
- comp)))
/* X509_NAME_ENTRY */
#define sk_X509_NAME_ENTRY_new(comp) \
@@ -2975,6 +2858,7 @@
const X509_NAME_ENTRY **b), \
comp)))
+
/* X509_OBJECT */
#define sk_X509_OBJECT_new(comp) \
((STACK_OF(X509_OBJECT) *)sk_new(CHECKED_CAST( \
@@ -3049,6 +2933,7 @@
int (*)(const X509_OBJECT **a, const X509_OBJECT **b), \
comp)))
+
/* X509_POLICY_DATA */
#define sk_X509_POLICY_DATA_new(comp) \
((STACK_OF(X509_POLICY_DATA) *)sk_new(CHECKED_CAST( \
@@ -3128,6 +3013,7 @@
const X509_POLICY_DATA **b), \
comp)))
+
/* X509_POLICY_NODE */
#define sk_X509_POLICY_NODE_new(comp) \
((STACK_OF(X509_POLICY_NODE) *)sk_new(CHECKED_CAST( \
@@ -3207,6 +3093,7 @@
const X509_POLICY_NODE **b), \
comp)))
+
/* X509_PURPOSE */
#define sk_X509_PURPOSE_new(comp) \
((STACK_OF(X509_PURPOSE) *)sk_new(CHECKED_CAST( \
@@ -3283,6 +3170,7 @@
int (*)(const X509_PURPOSE **a, const X509_PURPOSE **b), \
comp)))
+
/* X509_REVOKED */
#define sk_X509_REVOKED_new(comp) \
((STACK_OF(X509_REVOKED) *)sk_new(CHECKED_CAST( \
@@ -3359,6 +3247,7 @@
int (*)(const X509_REVOKED **a, const X509_REVOKED **b), \
comp)))
+
/* X509_TRUST */
#define sk_X509_TRUST_new(comp) \
((STACK_OF(X509_TRUST) *)sk_new(CHECKED_CAST( \
@@ -3433,6 +3322,7 @@
int (*)(const X509_TRUST **a, const X509_TRUST **b), \
comp)))
+
/* X509_VERIFY_PARAM */
#define sk_X509_VERIFY_PARAM_new(comp) \
((STACK_OF(X509_VERIFY_PARAM) *)sk_new(CHECKED_CAST( \
@@ -3513,6 +3403,7 @@
const X509_VERIFY_PARAM **b), \
comp)))
+
/* void */
#define sk_void_new(comp) \
((STACK_OF(void)*)sk_new(CHECKED_CAST( \
@@ -3576,6 +3467,85 @@
CHECKED_CAST(stack_cmp_func, int (*)(const void **a, const void **b), \
comp)))
+
+/* SSL_CIPHER */
+#define sk_SSL_CIPHER_new(comp) \
+ ((STACK_OF(SSL_CIPHER) *)sk_new(CHECKED_CAST( \
+ stack_cmp_func, \
+ int (*)(const const SSL_CIPHER **a, const const SSL_CIPHER **b), comp)))
+
+#define sk_SSL_CIPHER_new_null() ((STACK_OF(SSL_CIPHER) *)sk_new_null())
+
+#define sk_SSL_CIPHER_num(sk) \
+ sk_num(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk))
+
+#define sk_SSL_CIPHER_zero(sk) \
+ sk_zero(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk));
+
+#define sk_SSL_CIPHER_value(sk, i) \
+ ((const SSL_CIPHER *)sk_value( \
+ CHECKED_CAST(_STACK *, const STACK_OF(SSL_CIPHER) *, sk), (i)))
+
+#define sk_SSL_CIPHER_set(sk, i, p) \
+ ((const SSL_CIPHER *)sk_set( \
+ CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), (i), \
+ CHECKED_CAST(void *, const SSL_CIPHER *, p)))
+
+#define sk_SSL_CIPHER_free(sk) \
+ sk_free(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk))
+
+#define sk_SSL_CIPHER_pop_free(sk, free_func) \
+ sk_pop_free( \
+ CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
+ CHECKED_CAST(void (*)(void *), void (*)(const SSL_CIPHER *), free_func))
+
+#define sk_SSL_CIPHER_insert(sk, p, where) \
+ sk_insert(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
+ CHECKED_CAST(void *, const SSL_CIPHER *, p), (where))
+
+#define sk_SSL_CIPHER_delete(sk, where) \
+ ((const SSL_CIPHER *)sk_delete( \
+ CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), (where)))
+
+#define sk_SSL_CIPHER_delete_ptr(sk, p) \
+ ((const SSL_CIPHER *)sk_delete_ptr( \
+ CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
+ CHECKED_CAST(void *, const SSL_CIPHER *, p)))
+
+#define sk_SSL_CIPHER_find(sk, out_index, p) \
+ sk_find(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), (out_index), \
+ CHECKED_CAST(void *, const SSL_CIPHER *, p))
+
+#define sk_SSL_CIPHER_shift(sk) \
+ ((const SSL_CIPHER *)sk_shift( \
+ CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk)))
+
+#define sk_SSL_CIPHER_push(sk, p) \
+ sk_push(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
+ CHECKED_CAST(void *, const SSL_CIPHER *, p))
+
+#define sk_SSL_CIPHER_pop(sk) \
+ ((const SSL_CIPHER *)sk_pop( \
+ CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk)))
+
+#define sk_SSL_CIPHER_dup(sk) \
+ ((STACK_OF(SSL_CIPHER) *)sk_dup( \
+ CHECKED_CAST(_STACK *, const STACK_OF(SSL_CIPHER) *, sk)))
+
+#define sk_SSL_CIPHER_sort(sk) \
+ sk_sort(CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk))
+
+#define sk_SSL_CIPHER_is_sorted(sk) \
+ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(SSL_CIPHER) *, sk))
+
+#define sk_SSL_CIPHER_set_cmp_func(sk, comp) \
+ ((int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b))sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(SSL_CIPHER) *, sk), \
+ CHECKED_CAST(stack_cmp_func, \
+ int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b), \
+ comp)))
+
+
/* OPENSSL_STRING */
#define sk_OPENSSL_STRING_new(comp) \
((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_CAST( \
@@ -3654,6 +3624,7 @@
const OPENSSL_STRING **b), \
comp)))
+
/* OPENSSL_BLOCK */
#define sk_OPENSSL_BLOCK_new(comp) \
((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_CAST( \
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6b218f2..631ed8b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -920,7 +920,7 @@
/* check if we want to resume the session based on external pre-shared secret */
if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
{
- SSL_CIPHER *pref_cipher=NULL;
+ const SSL_CIPHER *pref_cipher=NULL;
s->session->master_key_length=sizeof(s->session->master_key);
if (s->tls_session_secret_cb(s, s->session->master_key,
&s->session->master_key_length,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4e98f33..9a29bf8 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -165,7 +165,7 @@
#define FIXED_NONCE_LEN(x) ((x/2)<<24)
/* list of available SSLv3 ciphers (sorted by id) */
-SSL_CIPHER ssl3_ciphers[]={
+const SSL_CIPHER ssl3_ciphers[]={
/* The RSA ciphers */
/* Cipher 04 */
@@ -2671,10 +2671,10 @@
return NULL;
}
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
struct ssl_cipher_preference_list_st *server_pref)
{
- SSL_CIPHER *c,*ret=NULL;
+ const SSL_CIPHER *c,*ret=NULL;
STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
int i,ok;
size_t cipher_index;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6a028ef..19a121d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -821,7 +821,7 @@
{
int i,ok,al=SSL_AD_INTERNAL_ERROR,ret= -1;
long n;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *ciphers=NULL;
struct ssl_early_callback_ctx early_ctx;
CBS client_hello;
@@ -1152,7 +1152,7 @@
if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
{
- SSL_CIPHER *pref_cipher=NULL;
+ const SSL_CIPHER *pref_cipher=NULL;
s->session->master_key_length=sizeof(s->session->master_key);
if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 62f790f..2371553 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -690,7 +690,7 @@
if ((algorithm_ssl & mask_ssl) == 0)
continue;
- *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+ *ca_curr = cipher_aliases + i;
ca_curr++;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ecc0c27..ea8af85 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1398,7 +1398,7 @@
/** The old interface to get the same thing as SSL_get_ciphers() */
const char *SSL_get_cipher_list(const SSL *s,int n)
{
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
if (s == NULL) return(NULL);
@@ -1472,7 +1472,7 @@
{
char *p;
STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
int i;
if ((s->session == NULL) || (s->session->ciphers == NULL) ||
@@ -1510,7 +1510,7 @@
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
{
int i;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
CERT *ct = s->cert;
unsigned char *q;
int no_scsv = s->renegotiate;
@@ -1546,7 +1546,7 @@
{
if (!no_scsv)
{
- static SSL_CIPHER scsv =
+ static const SSL_CIPHER scsv =
{
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
@@ -1557,7 +1557,7 @@
}
if (s->fallback_scsv)
{
- static SSL_CIPHER fallback_scsv =
+ static const SSL_CIPHER fallback_scsv =
{
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8a549d1..b28c936 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -690,7 +690,7 @@
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-extern SSL_CIPHER ssl3_ciphers[];
+extern const SSL_CIPHER ssl3_ciphers[];
SSL_METHOD *ssl_bad_method(int ver);
@@ -934,7 +934,7 @@
int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
void ssl3_free_digest_list(SSL *s);
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
+const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
struct ssl_cipher_preference_list_st *srvr);
int ssl3_setup_buffers(SSL *s);
int ssl3_setup_read_buffer(SSL *s);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 0b6a6e3..50d9190 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -851,7 +851,7 @@
}
int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
- STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
+ STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg), void *arg)
{
if (s == NULL) return(0);
s->tls_session_secret_cb = tls_session_secret_cb;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f6518c4..cdbc6c3 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -937,7 +937,7 @@
for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
{
- SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+ const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
