int certReqId, const OSSL_CMP_PKISI *si,
X509 *cert, const EVP_PKEY *pkey,
const X509 *encryption_recip,
- STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
+ const STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
int unprotectedErrors);
OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
int certReqId, const OSSL_CMP_PKISI *si,
X509 *cert, const EVP_PKEY *pkey,
const X509 *encryption_recip,
- STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
+ const STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
int unprotectedErrors)
{
OSSL_CMP_MSG *msg = NULL;
return ossl_cms_SignerIdentifier_cert_cmp(si->sid, cert);
}
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, const STACK_OF(X509) *scerts,
unsigned int flags)
{
CMS_SignedData *sd;
}
BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
- STACK_OF(X509) *scerts, X509_STORE *store,
- STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+ const STACK_OF(X509) *scerts, X509_STORE *store,
+ const STACK_OF(X509) *extra,
+ const STACK_OF(X509_CRL) *crls,
unsigned int flags,
OSSL_LIB_CTX *libctx, const char *propq)
{
}
/* This strongly overlaps with PKCS7_verify() */
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+int CMS_verify(CMS_ContentInfo *cms, const STACK_OF(X509) *certs,
X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
{
CMS_SignerInfo *si;
}
int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
- STACK_OF(X509) *certs,
+ const STACK_OF(X509) *certs,
X509_STORE *store, unsigned int flags)
{
int r;
}
CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs, BIO *data,
+ const STACK_OF(X509) *certs, BIO *data,
unsigned int flags, OSSL_LIB_CTX *libctx,
const char *propq)
{
return NULL;
}
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- BIO *data, unsigned int flags)
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+ const STACK_OF(X509) *certs, BIO *data, unsigned int flags)
{
return CMS_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL);
}
CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs, unsigned int flags)
+ const STACK_OF(X509) *certs, unsigned int flags)
{
CMS_SignerInfo *rct_si;
CMS_ContentInfo *cms = NULL;
return NULL;
}
-CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *data,
+CMS_ContentInfo *CMS_encrypt_ex(const STACK_OF(X509) *certs, BIO *data,
const EVP_CIPHER *cipher, unsigned int flags,
OSSL_LIB_CTX *libctx, const char *propq)
{
return NULL;
}
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
+CMS_ContentInfo *CMS_encrypt(const STACK_OF(X509) *certs, BIO *data,
const EVP_CIPHER *cipher, unsigned int flags)
{
return CMS_encrypt_ex(certs, data, cipher, flags, NULL, NULL);
X509 *signer,
EVP_PKEY *key,
const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags)
+ const STACK_OF(X509) *certs, unsigned long flags)
{
if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
goto err;
*/
int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
X509 *signer, EVP_MD_CTX *ctx,
- STACK_OF(X509) *certs, unsigned long flags)
+ const STACK_OF(X509) *certs, unsigned long flags)
{
OCSP_RESPID *rid;
EVP_PKEY *pkey;
int OCSP_basic_sign(OCSP_BASICRESP *brsp,
X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags)
+ const STACK_OF(X509) *certs, unsigned long flags)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_PKEY_CTX *pkctx = NULL;
#include "ocsp_local.h"
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, unsigned long flags);
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+ const STACK_OF(X509) *certs, unsigned long flags);
+static X509 *ocsp_find_signer_sk(const STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
OCSP_CERTID **ret);
STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
- const X509_NAME *nm, STACK_OF(X509) *certs,
+ const X509_NAME *nm, const STACK_OF(X509) *certs,
unsigned long flags);
/* Returns 1 on success, 0 on failure, or -1 on fatal error */
}
/* Verify a basic response message */
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+int OCSP_basic_verify(OCSP_BASICRESP *bs, const STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags)
{
X509 *signer, *x;
}
int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
- STACK_OF(X509) *extra_certs)
+ const STACK_OF(X509) *extra_certs)
{
return ocsp_find_signer(signer, bs, extra_certs, 0) > 0;
}
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, unsigned long flags)
+ const STACK_OF(X509) *certs, unsigned long flags)
{
X509 *signer;
OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
return 0;
}
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+static X509 *ocsp_find_signer_sk(const STACK_OF(X509) *certs, OCSP_RESPID *id)
{
int i, r;
unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
* Just find the signer's certificate and verify it against a given trust value.
* Returns 1 on success, 0 on failure and on fatal error.
*/
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+int OCSP_request_verify(OCSP_REQUEST *req, const STACK_OF(X509) *certs,
X509_STORE *store, unsigned long flags)
{
X509 *signer;
}
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
- const X509_NAME *nm, STACK_OF(X509) *certs,
+ const X509_NAME *nm, const STACK_OF(X509) *certs,
unsigned long flags)
{
X509 *signer;
static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- BIO *data, int flags, OSSL_LIB_CTX *libctx,
- const char *propq)
+PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, const STACK_OF(X509) *certs,
+ BIO *data, int flags, OSSL_LIB_CTX *libctx, const char *propq)
{
PKCS7 *p7;
int i;
return NULL;
}
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, const STACK_OF(X509) *certs,
BIO *data, int flags)
{
return PKCS7_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL);
}
/* This strongly overlaps with CMS_verify(), partly with PKCS7_dataVerify() */
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+int PKCS7_verify(PKCS7 *p7, const STACK_OF(X509) *certs, X509_STORE *store,
BIO *indata, BIO *out, int flags)
{
STACK_OF(X509) *signers;
return ret;
}
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
- int flags)
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, const STACK_OF(X509) *certs, int flags)
{
STACK_OF(X509) *signers, *included_certs;
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
/* Build a complete PKCS#7 enveloped data */
-PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+PKCS7 *PKCS7_encrypt_ex(const STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, int flags,
OSSL_LIB_CTX *libctx, const char *propq)
{
return NULL;
}
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
- int flags)
+PKCS7 *PKCS7_encrypt(const STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags)
{
return PKCS7_encrypt_ex(certs, in, cipher, flags, NULL, NULL);
}
* - Verify the signature value.
* - Returns the signer certificate in 'signer', if 'signer' is not NULL.
*/
-int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+int TS_RESP_verify_signature(PKCS7 *token, const STACK_OF(X509) *certs,
X509_STORE *store, X509 **signer_out)
{
STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
return 1;
}
-int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags)
+int X509_add_certs(STACK_OF(X509) *sk, const STACK_OF(X509) *certs, int flags)
/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */
{
if (sk == NULL) {
return ossl_x509_add_certs_new(&sk, certs, flags);
}
-int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
- int flags)
+int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, const STACK_OF(X509) *certs, int flags)
/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */
{
int n = sk_X509_num(certs /* may be NULL */);
#endif
/* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name,
+X509 *X509_find_by_issuer_and_serial(const STACK_OF(X509) *sk, const X509_NAME *name,
const ASN1_INTEGER *serial)
{
int i;
return NULL;
}
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name)
+X509 *X509_find_by_subject(const STACK_OF(X509) *sk, const X509_NAME *name)
{
X509 *x509;
int i;
#include <openssl/cms.h>
- CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+ CMS_ContentInfo *CMS_encrypt_ex(const STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, unsigned int flags,
OSSL_LIB_CTX *libctx, const char *propq);
- CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ CMS_ContentInfo *CMS_encrypt(const STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, unsigned int flags);
=head1 DESCRIPTION
#include <openssl/cms.h>
CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
- EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ EVP_PKEY *pkey, const STACK_OF(X509) *certs,
unsigned int flags);
=head1 DESCRIPTION
#include <openssl/cms.h>
- int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
+ int CMS_verify(CMS_ContentInfo *cms, const STACK_OF(X509) *certs,
+ X509_STORE *store,
BIO *detached_data, BIO *out, unsigned int flags);
BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
- STACK_OF(X509) *scerts, X509_STORE *store,
- STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+ const STACK_OF(X509) *scerts, X509_STORE *store,
+ const STACK_OF(X509) *extra,
+ const STACK_OF(X509_CRL) *crls,
unsigned int flags,
OSSL_LIB_CTX *libctx, const char *propq);
#include <openssl/cms.h>
int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
- STACK_OF(X509) *certs, X509_STORE *store,
+ const STACK_OF(X509) *certs, X509_STORE *store,
unsigned int flags);
=head1 DESCRIPTION
int OCSP_request_sign(OCSP_REQUEST *req,
X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags);
+ const STACK_OF(X509) *certs, unsigned long flags);
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
ASN1_GENERALIZEDTIME *nextupd,
long sec, long maxsec);
- int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ int OCSP_basic_verify(OCSP_BASICRESP *bs, const STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
=head1 DESCRIPTION
int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
- const EVP_MD *dgst, STACK_OF(X509) *certs,
+ const EVP_MD *dgst, const STACK_OF(X509) *certs,
unsigned long flags);
int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
- STACK_OF(X509) *certs, unsigned long flags);
+ const STACK_OF(X509) *certs, unsigned long flags);
=head1 DESCRIPTION
#include <openssl/pkcs7.h>
- PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+ PKCS7 *PKCS7_encrypt_ex(const STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, int flags,
OSSL_LIB_CTX *libctx, const char *propq);
- PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
- int flags);
+ PKCS7 *PKCS7_encrypt(const STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, int flags);
=head1 DESCRIPTION
#include <openssl/pkcs7.h>
- PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey,
+ const STACK_OF(X509) *certs,
BIO *data, int flags, OSSL_LIB_CTX *libctx,
const char *propq);
- PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, const STACK_OF(X509) *certs,
BIO *data, int flags);
=head1 DESCRIPTION
#include <openssl/pkcs7.h>
- int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ int PKCS7_verify(PKCS7 *p7, const STACK_OF(X509) *certs, X509_STORE *store,
BIO *indata, BIO *out, int flags);
- STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, const STACK_OF(X509) *certs,
+ int flags);
=head1 DESCRIPTION
The content is written to the BIO I<out> unless it is NULL.
I<flags> is an optional set of flags, which can be used to modify the operation.
-PKCS7_get0_signers() retrieves the signer
's certificates from I<p7>, it does
+PKCS7_get0_signers() retrieves the signer certificates from I<p7>, it does
B<not> check their validity or whether any signatures are valid. The I<certs>
and I<flags> parameters have the same meanings as in PKCS7_verify().
#include <openssl/x509.h>
int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags);
- int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags);
+ int X509_add_certs(STACK_OF(X509) *sk, const STACK_OF(X509) *certs, int flags);
=head1 DESCRIPTION
void *data, unsigned char *md, unsigned int *len,
OSSL_LIB_CTX *libctx, const char *propq);
int ossl_x509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags);
-int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
- int flags);
+int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, const STACK_OF(X509) *certs, int flags);
STACK_OF(X509_ATTRIBUTE) *ossl_x509at_dup(const STACK_OF(X509_ATTRIBUTE) *x);
unsigned int flags);
CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs, BIO *data,
- unsigned int flags);
+ const STACK_OF(X509) *certs, BIO *data, unsigned int flags);
CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs, BIO *data,
- unsigned int flags, OSSL_LIB_CTX *libctx,
- const char *propq);
+ const STACK_OF(X509) *certs, BIO *data,
+ unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq);
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
- X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs, unsigned int flags);
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
+ EVP_PKEY *pkey, const STACK_OF(X509) *certs, unsigned int flags);
int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
const unsigned char *key, size_t keylen);
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+int CMS_verify(CMS_ContentInfo *cms, const STACK_OF(X509) *certs,
X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
- STACK_OF(X509) *certs,
- X509_STORE *store, unsigned int flags);
+ const STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+CMS_ContentInfo *CMS_encrypt(const STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, unsigned int flags);
-CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+CMS_ContentInfo *CMS_encrypt_ex(const STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, unsigned int flags,
OSSL_LIB_CTX *libctx, const char *propq);
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer, ASN1_INTEGER **sno);
int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, const STACK_OF(X509) *certs,
unsigned int flags);
void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
X509 **signer, X509_ALGOR **pdig,
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
int CMS_SignerInfo_verify_ex(CMS_SignerInfo *si, BIO *chain, BIO *data);
BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
- STACK_OF(X509) *scerts, X509_STORE *store,
- STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
+ const STACK_OF(X509) *scerts, X509_STORE *store,
+ const STACK_OF(X509) *extra, const STACK_OF(X509_CRL) *crls,
unsigned int flags,
OSSL_LIB_CTX *libctx, const char *propq);
X509 *signer,
EVP_PKEY *key,
const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags);
+ const STACK_OF(X509) *certs, unsigned long flags);
int OCSP_response_status(OCSP_RESPONSE *resp);
OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
- STACK_OF(X509) *extra_certs);
+ const STACK_OF(X509) *extra_certs);
int OCSP_resp_count(OCSP_BASICRESP *bs);
OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+int OCSP_request_verify(OCSP_REQUEST *req, const STACK_OF(X509) *certs,
X509_STORE *store, unsigned long flags);
#define OCSP_parse_url(url, host, port, path, ssl) \
int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
int OCSP_basic_sign(OCSP_BASICRESP *brsp,
X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags);
+ const STACK_OF(X509) *certs, unsigned long flags);
int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
X509 *signer, EVP_MD_CTX *ctx,
- STACK_OF(X509) *certs, unsigned long flags);
+ const STACK_OF(X509) *certs, unsigned long flags);
int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert,
OSSL_LIB_CTX *libctx, const char *propq);
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+int OCSP_basic_verify(OCSP_BASICRESP *bs, const STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
#ifdef __cplusplus
int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
STACK_OF(X509_ATTRIBUTE) *sk);
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, const STACK_OF(X509) *certs,
BIO *data, int flags);
-PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- BIO *data, int flags, OSSL_LIB_CTX *libctx,
- const char *propq);
+PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, const STACK_OF(X509) *certs,
+ BIO *data, int flags, OSSL_LIB_CTX *libctx, const char *propq);
PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
X509 *signcert, EVP_PKEY *pkey,
const EVP_MD *md, int flags);
int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+int PKCS7_verify(PKCS7 *p7, const STACK_OF(X509) *certs, X509_STORE *store,
BIO *indata, BIO *out, int flags);
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
- int flags);
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
- int flags);
-PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, const STACK_OF(X509) *certs, int flags);
+PKCS7 *PKCS7_encrypt(const STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+PKCS7 *PKCS7_encrypt_ex(const STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, int flags,
OSSL_LIB_CTX *libctx, const char *propq);
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
* they are defined in ts/ts_resp_verify.c.
*/
-int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+int TS_RESP_verify_signature(PKCS7 *token, const STACK_OF(X509) *certs,
X509_STORE *store, X509 **signer_out);
/* Context structure for the generic verify method. */
#define X509_ADD_FLAG_NO_DUP 0x4
#define X509_ADD_FLAG_NO_SS 0x8
int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags);
-int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags);
+int X509_add_certs(STACK_OF(X509) *sk, const STACK_OF(X509) *certs, int flags);
int X509_cmp(const X509 *a, const X509 *b);
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
const unsigned char *bytes, int len);
/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name,
+X509 *X509_find_by_issuer_and_serial(const STACK_OF(X509) *sk, const X509_NAME *name,
const ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name);
+X509 *X509_find_by_subject(const STACK_OF(X509) *sk, const X509_NAME *name);
DECLARE_ASN1_FUNCTIONS(PBEPARAM)
DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
projects / thirdparty / openssl.git / commitdiff
