Fix const qualifiers from strchr where discarded

This patch fixes several const qualifiers byu adding where required.

    warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]

Since glibc-2.43 and ISO C23, the functions bsearch, memchr, strchr,
strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr
that return pointers into their input arrays now have definitions as
macros that return a pointer to a const-qualified type when the input
argument is a pointer to a const-qualified type.

Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Feb 25 11:04:09 2026
(Merged from https://github.com/openssl/openssl/pull/30136)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 1e815617618828ebbd9acf9ac92bb6cfdd05ffab..211301b747e9867fe80420f904a95ebc07ef6e02 100644 (file)
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -258,15 +258,15 @@ static char *app_get_pass(const char *arg, int keepbio)
             }
         } else {
             /* argument syntax error; do not reveal too much about arg */
-            tmp = strchr(arg, ':');
-            if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
+            const char *arg_ptr = strchr(arg, ':');
+            if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX)
                 BIO_printf(bio_err,
                     "Invalid password argument, missing ':' within the first %d chars\n",
                     PASS_SOURCE_SIZE_MAX + 1);
             else
                 BIO_printf(bio_err,
                     "Invalid password argument, starting with \"%.*s\"\n",
-                    (int)(tmp - arg + 1), arg);
+                    (int)(arg_ptr - arg + 1), arg);
             return NULL;
         }
     }

diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 998c0538e3fa711461d7e3208eac26e938262aa5..82b7cabf4cc8c7af2367d2ace1df2c6eccdb21e1 100644 (file)
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -356,7 +356,7 @@ static CONF_MODULE *module_find(const char *name)
     CONF_MODULE *tmod;
     int i;
     size_t nchar;
-    char *p;
+    const char *p;
     STACK_OF(CONF_MODULE) *mods;
 
     p = strrchr(name, '.');

diff --git a/crypto/punycode.c b/crypto/punycode.c
index 5098437f69d870d2078827016adb4e203b7c8105..9be467eeb46c2e51d5430e330df24d50182d0c5f 100644 (file)
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -271,7 +271,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t outlen)
         return -1;
 
     while (1) {
-        char *tmpptr = strchr(inptr, '.');
+        const char *tmpptr = strchr(inptr, '.');
         size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
 
         if (!HAS_PREFIX(inptr, "xn--")) {

diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c
index 99cbc8cab6743f678db9f5b240a6d6ed2459d610..c7652823cd424837c005187d195fda281e52bb2e 100644 (file)
--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.c
@@ -258,7 +258,7 @@ err:
 
 static int displaytext_get_tag_len(const char *tagstr)
 {
-    char *colon = strchr(tagstr, ':');
+    const char *colon = strchr(tagstr, ':');
 
     return (colon == NULL) ? -1 : (int)(colon - tagstr);
 }

diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index de2aa5980625671759a233ff6857721a042d427d..247fe0a1aeb558c434f97b6c9d6e758ea36b7484 100644 (file)
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -634,7 +634,8 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
 
 static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
-    char *objtmp = NULL, *p;
+    char *objtmp = NULL;
+    const char *p;
     size_t objlen;
 
     if ((p = strchr(value, ';')) == NULL)

diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index d5a8bc14d9985ca05aa210517cfceb6b61ac78ef..87c05ef9651b047cb05121faa3f205a04b48e361 100644 (file)
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -1144,15 +1144,16 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     ASN1_OCTET_STRING *ret = NULL;
     unsigned char ipout[32];
     char *iptmp = NULL, *p;
+    const char *slash;
     int iplen1, iplen2;
 
-    p = strchr(ipasc, '/');
-    if (p == NULL)
+    slash = strchr(ipasc, '/');
+    if (slash == NULL)
         return NULL;
     iptmp = OPENSSL_strdup(ipasc);
     if (iptmp == NULL)
         return NULL;
-    p = iptmp + (p - ipasc);
+    p = iptmp + (slash - ipasc);
     *p++ = 0;
 
     iplen1 = ossl_a2i_ipadd(ipout, iptmp);

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c0b2f2073a93da7215b9795ba262eb4489e249cf..1d181a2e9ff7a1f46dd00f455996723c0da09daf 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1294,7 +1294,7 @@ static int gid_cb(const char *elem, int len, void *arg)
     int found_group = 0;
     char etmp[GROUP_NAME_BUFFER_LENGTH];
     int retval = 1; /* We assume success */
-    char *current_prefix;
+    const char *current_prefix;
     int ignore_unknown = 0;
     int add_keyshare = 0;
     int remove_group = 0;

diff --git a/test/evp_test.c b/test/evp_test.c
index 5e031392818e4f43f8cbc9a4dec5400be6729fb2..fdab7c0e8196116f792a42b0e90f8d12c025e79a 100644 (file)
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2737,7 +2737,7 @@ static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
 static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
     const char *value)
 {
-    char *p;
+    const char *p;
 
     if (controls == NULL)
         return 0;