These all took const, but returned non const, they should return const.
This then triggers constifying of a whole class of get_ext() functions.
Part of #28654 and #29117
Fixes: openssl/project#1779
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 18:53:25 2026
(Merged from https://github.com/openssl/openssl/pull/29465)
*Kurt Roeckx*
+ * Various function return values have been constified, particularly in X509
+ and related areas, and when functions were returning non-const objects
+ owned by a const parameter.
+
+ *Bob Beck*
+
* The script tool `c_rehash` was removed. Use `openssl rehash` instead.
*Norbert Pocs*
exts = X509_REQ_get_extensions(req);
for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
- ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext);
+ const X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext);
int idx = X509_get_ext_by_OBJ(x, obj, -1);
/* Does extension exist in target? */
idx = X509v3_get_ext_by_OBJ(exts, X509_EXTENSION_get_object(new_ext), -1);
if (idx >= 0) {
- X509_EXTENSION *found_ext = X509v3_get_ext(exts, idx);
- ASN1_OCTET_STRING *encoded = X509_EXTENSION_get_data(found_ext);
+ const X509_EXTENSION *found_ext = X509v3_get_ext(exts, idx);
+ const ASN1_OCTET_STRING *encoded = X509_EXTENSION_get_data(found_ext);
int disabled = ASN1_STRING_length(encoded) <= 2; /* indicating "none" */
if (disabled) {
- X509_delete_ext(cert, idx);
- X509_EXTENSION_free(found_ext);
+ X509_EXTENSION_free(X509_delete_ext(cert, idx));
} /* else keep existing key identifier, which might be outdated */
rv = 1;
} else {
goto err;
for (i = 0; i < n; i++) {
X509_EXTENSION *ex = sk_X509_EXTENSION_value(cert_exts, i);
- ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
+ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
if (OBJ_cmp(obj, skid) != 0 && OBJ_cmp(obj, akid) != 0
&& !sk_X509_EXTENSION_push(exts, ex))
if (clrext && ext_names != NULL)
BIO_puts(bio_err, "Warning: Ignoring -ext since -clrext is given\n");
for (i = X509_get_ext_count(x) - 1; i >= 0; i--) {
- X509_EXTENSION *ex = X509_get_ext(x, i);
+ const X509_EXTENSION *ex = X509_get_ext(x, i);
const char *sn = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ex)));
if (clrext || (ext_names != NULL && strstr(ext_names, sn) == NULL))
const STACK_OF(X509_EXTENSION) *exts = NULL;
STACK_OF(X509_EXTENSION) *exts2 = NULL;
X509_EXTENSION *ext = NULL;
- ASN1_OBJECT *obj;
+ const ASN1_OBJECT *obj;
int i, j, ret = 0, num, nn = 0;
const char *sn, **names = NULL;
char *tmp_ext_names = NULL;
*/
__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
{
+ int ret = 0;
int preidx, certidx;
int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
+ X509_EXTENSION *new = NULL;
- if (presigner == NULL)
- return 1;
+ if (presigner == NULL) {
+ ret = 1;
+ goto done;
+ }
preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
&pre_akid_ext_is_dup);
/* An error occurred whilst searching for the extension */
if (preidx < -1 || certidx < -1)
- return 0;
+ goto done;
/* Invalid certificate if they contain duplicate extensions */
if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
- return 0;
+ goto done;
/* AKID must be present in both certificate or absent in both */
if (preidx >= 0 && certidx == -1)
- return 0;
+ goto done;
if (preidx == -1 && certidx >= 0)
- return 0;
+ goto done;
/* Copy issuer name */
if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
- return 0;
+ goto done;
if (preidx != -1) {
/* Retrieve and copy AKID encoding */
- X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
- X509_EXTENSION *certext = X509_get_ext(cert, certidx);
- ASN1_OCTET_STRING *preextdata;
+ const X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
+ const X509_EXTENSION *certext = X509_get_ext(cert, certidx);
+ const ASN1_OCTET_STRING *preextdata;
/* Should never happen */
if (preext == NULL || certext == NULL)
- return 0;
+ goto done;
+ if ((new = X509_EXTENSION_dup(certext)) == NULL)
+ goto done;
preextdata = X509_EXTENSION_get_data(preext);
- if (preextdata == NULL || !X509_EXTENSION_set_data(certext, preextdata))
- return 0;
+ if (preextdata == NULL || !X509_EXTENSION_set_data(new, preextdata))
+ goto done;
+ X509_EXTENSION_free(X509_delete_ext(cert, certidx));
+ certext = NULL;
+ if (!X509_add_ext(cert, new, certidx))
+ goto done;
+ ret = 1;
}
- return 1;
+done:
+ X509_EXTENSION_free(new);
+ return ret;
}
int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
return (X509v3_get_ext_by_critical(x->tbsRequest.requestExtensions, crit, lastpos));
}
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+const X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
{
return X509v3_get_ext(x->tbsRequest.requestExtensions, loc);
}
crit, flags);
}
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, const X509_EXTENSION *ex, int loc)
{
return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) != NULL);
}
return (X509v3_get_ext_by_critical(x->singleRequestExtensions, crit, lastpos));
}
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+const X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
{
return X509v3_get_ext(x->singleRequestExtensions, loc);
}
flags);
}
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, const X509_EXTENSION *ex, int loc)
{
return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
}
return (X509v3_get_ext_by_critical(x->tbsResponseData.responseExtensions, crit, lastpos));
}
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+const X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
{
return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc);
}
value, crit, flags);
}
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, const X509_EXTENSION *ex, int loc)
{
return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
!= NULL);
return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos);
}
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+const X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
{
return X509v3_get_ext(x->singleExtensions, loc);
}
return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
}
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, const X509_EXTENSION *ex, int loc)
{
return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
}
*/
int req_idx, resp_idx;
- X509_EXTENSION *req_ext, *resp_ext;
+ const X509_EXTENSION *req_ext, *resp_ext;
req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
/* Check both absent */
int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
{
- X509_EXTENSION *req_ext;
+ const X509_EXTENSION *req_ext;
int req_idx;
/* Check for nonce in request */
req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
{
int i, critical, n;
- X509_EXTENSION *ex;
- ASN1_OBJECT *obj;
+ const X509_EXTENSION *ex;
+ const ASN1_OBJECT *obj;
BIO_printf(bio, "Extensions:\n");
n = X509v3_get_ext_count(extensions);
return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
}
-X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc)
+const X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc)
{
return X509v3_get_ext(a->extensions, loc);
}
return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
}
-X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc)
+const X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc)
{
return X509v3_get_ext(a->extensions, loc);
}
if (BIO_printf(bp, "%8sExtensions:\n", "") <= 0)
goto err;
for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ex;
+ const ASN1_OBJECT *obj;
+ const X509_EXTENSION *ex;
int critical;
ex = sk_X509_EXTENSION_value(exts, i);
if (BIO_printf(bp, "%12sRequested Extensions:\n", "") <= 0)
goto err;
for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ex;
+ const ASN1_OBJECT *obj;
+ const X509_EXTENSION *ex;
int critical;
ex = sk_X509_EXTENSION_value(exts, i);
if (BIO_printf(bp, "%16s", "") <= 0)
GENERAL_NAMES *gens = NULL;
GENERAL_NAME *gen = NULL;
ASN1_INTEGER *serial = NULL;
- X509_EXTENSION *ext;
+ const X509_EXTENSION *ext;
X509 *issuer_cert;
int same_issuer, ss;
AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new();
static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
{
int idx;
- ASN1_OBJECT *obj;
+ const ASN1_OBJECT *obj;
obj = X509_EXTENSION_get_object(dext);
while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0)
return sk_X509V3_EXT_METHOD_value(ext_list, idx);
}
-const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+const X509V3_EXT_METHOD *X509V3_EXT_get(const X509_EXTENSION *ext)
{
int nid;
if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
/* Return an extension internal structure */
-void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+void *X509V3_EXT_d2i(const X509_EXTENSION *ext)
{
const X509V3_EXT_METHOD *method;
const unsigned char *p;
- ASN1_STRING *extvalue;
+ const ASN1_STRING *extvalue;
int extlen;
if ((method = X509V3_EXT_get(ext)) == NULL)
/* Main routine: print out a general extension */
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext, unsigned long flag,
int indent)
{
void *ext_str = NULL;
char *value = NULL;
- ASN1_OCTET_STRING *extoct;
+ const ASN1_OCTET_STRING *extoct;
const unsigned char *p;
int extlen;
const X509V3_EXT_METHOD *method;
}
for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ex;
+ const ASN1_OBJECT *obj;
+ const X509_EXTENSION *ex;
ex = sk_X509_EXTENSION_value(exts, i);
obj = X509_EXTENSION_get_object(ex);
DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
-int X509_supported_extension(X509_EXTENSION *ex)
+int X509_supported_extension(const X509_EXTENSION *ex)
{
/*
* This table is a list of the NIDs of supported extensions: that is
x->ex_flags |= EXFLAG_INVALID;
#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
- X509_EXTENSION *ex = X509_get_ext(x, i);
+ const X509_EXTENSION *ex = X509_get_ext(x, i);
int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
if (nid == NID_freshest_crl)
if (i_ext < 0)
return 0;
if (i_ext >= 0) {
- X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
+ const X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
if (!X509_EXTENSION_get_critical(ext))
return 0;
}
{
GENERAL_NAMES *ialt = NULL;
GENERAL_NAME *gen;
- X509_EXTENSION *ext;
+ const X509_EXTENSION *ext;
int i, num;
if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos);
}
-X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
+const X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
{
return X509v3_get_ext(x->crl.extensions, loc);
}
return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags);
}
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex, int loc)
{
return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
}
return (X509v3_get_ext_by_critical(x->cert_info.extensions, crit, lastpos));
}
-X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
+const X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
{
return X509v3_get_ext(x->cert_info.extensions, loc);
}
return delete_ext(&x->cert_info.extensions, loc);
}
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc)
{
return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
}
return X509v3_get_ext_by_critical(x->extensions, crit, lastpos);
}
-X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
+const X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
{
return X509v3_get_ext(x->extensions, loc);
}
return -1;
}
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+const X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
{
if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
return NULL;
}
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
- X509_EXTENSION *ex, int loc)
+ const X509_EXTENSION *ex, int loc)
{
X509_EXTENSION *new_ex = NULL;
int n;
}
for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
- ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext);
+ const X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext);
int idx = X509v3_get_ext_by_OBJ(*target, obj, -1);
/* Does extension exist in target? */
return 1;
}
-int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data)
{
int i;
return 1;
}
-ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
+const ASN1_OBJECT *X509_EXTENSION_get_object(const X509_EXTENSION *ex)
{
if (ex == NULL)
return NULL;
return ex->object;
}
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
+const ASN1_OCTET_STRING *X509_EXTENSION_get_data(const X509_EXTENSION *ex)
{
if (ex == NULL)
return NULL;
*/
static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
{
- ASN1_OCTET_STRING *exta = NULL, *extb = NULL;
+ const ASN1_OCTET_STRING *exta = NULL, *extb = NULL;
int i = X509_CRL_get_ext_by_NID(a, nid, -1);
if (i >= 0) {
* number to correct value too.
*/
for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
- X509_EXTENSION *ext = X509_CRL_get_ext(newer, i);
-
+ const X509_EXTENSION *ext = X509_CRL_get_ext(newer, i);
if (!X509_CRL_add_ext(crl, ext, -1)) {
ERR_raise(ERR_LIB_X509, ERR_R_X509_LIB);
goto err;
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags);
- void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+ void *X509V3_EXT_d2i(const X509_EXTENSION *ext);
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
- int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data);
X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
int nid, int crit,
const ASN1_OBJECT *obj, int crit,
ASN1_OCTET_STRING *data);
- ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ const ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
- ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+ const ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
=head1 DESCRIPTION
#include <openssl/x509.h>
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
- X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+ const X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
int nid, int lastpos);
const STACK_OF(X509_EXTENSION) *exts);
int X509_get_ext_count(const X509 *x);
- X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+ const X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
- int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+ int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc);
int X509_CRL_get_ext_count(const X509_CRL *x);
- X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+ const X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
int lastpos);
int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
- int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+ int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex, int loc);
int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
- X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+ const X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+const X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
int *idx);
int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
unsigned long flags);
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, const X509_EXTENSION *ex, int loc);
int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+const X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
unsigned long flags);
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, const X509_EXTENSION *ex, int loc);
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
int lastpos);
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
int lastpos);
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+const X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
int *idx);
int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
int crit, unsigned long flags);
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, const X509_EXTENSION *ex, int loc);
int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
int lastpos);
int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
int lastpos);
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+const X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
int *idx);
int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
int crit, unsigned long flags);
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, const X509_EXTENSION *ex, int loc);
const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
-X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+const X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
int lastpos);
int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
-X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+const X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
const ASN1_OBJECT *obj, int lastpos);
int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+const X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
- X509_EXTENSION *ex, int loc);
+ const X509_EXTENSION *ex, int loc);
STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
const STACK_OF(X509_EXTENSION) *exts);
int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+const X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc);
void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
unsigned long flags);
int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
int lastpos);
int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+const X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex, int loc);
void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
unsigned long flags);
int lastpos);
int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+const X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
ASN1_OCTET_STRING *data);
int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
-int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
-ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data);
+const ASN1_OBJECT *X509_EXTENSION_get_object(const X509_EXTENSION *ex);
+const ASN1_OCTET_STRING *X509_EXTENSION_get_data(const X509_EXTENSION *ne);
int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void);
-const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get(const X509_EXTENSION *ext);
const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
int X509V3_add_standard_extensions(void);
STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_EXT_d2i(const X509_EXTENSION *ext);
void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int *idx);
void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext, unsigned long flag,
int indent);
#ifndef OPENSSL_NO_STDIO
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
int X509_check_ca(const X509 *x);
int X509_check_purpose(const X509 *x, int id, int ca);
-int X509_supported_extension(X509_EXTENSION *ex);
+int X509_supported_extension(const X509_EXTENSION *ex);
int X509_check_issued(X509 *issuer, X509 *subject);
int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid);
void X509_set_proxy_flag(X509 *x);
return result;
}
-static int compare_extension_printout(X509_EXTENSION *extension,
+static int compare_extension_printout(const X509_EXTENSION *extension,
const char *expected_output)
{
BIO *text_buffer = NULL;
if (fixture->certificate_file != NULL) {
int sct_extension_index;
int i;
- X509_EXTENSION *sct_extension = NULL;
+ const X509_EXTENSION *sct_extension = NULL;
if (!TEST_ptr(cert = load_pem_cert(fixture->certs_dir,
fixture->certificate_file)))
projects / thirdparty / openssl.git / commitdiff
