]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1cc9298)
Fix const spec in ssl
authorMilan Broz <gmazyland@gmail.com>
Tue, 20 Jan 2026 15:35:25 +0000 (16:35 +0100)
committerNeil Horman <nhorman@openssl.org>
Tue, 3 Feb 2026 17:26:23 +0000 (12:26 -0500)
This patch fixes several const specifiers and undeeded
casts (visible with non-default const-qual warning).

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Feb  3 17:26:31 2026
(Merged from https://github.com/openssl/openssl/pull/29799)

ssl/quic/quic_cfq.c patch | blob | blame | history
ssl/quic/quic_port.c patch | blob | blame | history
ssl/ssl_cert.c patch | blob | blame | history
ssl/ssl_lib.c patch | blob | blame | history
ssl/ssl_sess.c patch | blob | blame | history
ssl/t1_enc.c patch | blob | blame | history

diff --git a/ssl/quic/quic_cfq.c b/ssl/quic/quic_cfq.c
index 3c59234ff0ff7d7f4b143b2b591a1278f7b8a0b7..85c4c01e7a9debec87ba540a85753e950fd4b909 100644 (file)
--- a/ssl/quic/quic_cfq.c
+++ b/ssl/quic/quic_cfq.c
@@ -26,42 +26,42 @@ struct quic_cfq_item_ex_st {
 
 uint64_t ossl_quic_cfq_item_get_frame_type(const QUIC_CFQ_ITEM *item)
 {
-    QUIC_CFQ_ITEM_EX *ex = (QUIC_CFQ_ITEM_EX *)item;
+    const QUIC_CFQ_ITEM_EX *ex = (const QUIC_CFQ_ITEM_EX *)item;
 
     return ex->frame_type;
 }
 
 const unsigned char *ossl_quic_cfq_item_get_encoded(const QUIC_CFQ_ITEM *item)
 {
-    QUIC_CFQ_ITEM_EX *ex = (QUIC_CFQ_ITEM_EX *)item;
+    const QUIC_CFQ_ITEM_EX *ex = (const QUIC_CFQ_ITEM_EX *)item;
 
     return ex->encoded;
 }
 
 size_t ossl_quic_cfq_item_get_encoded_len(const QUIC_CFQ_ITEM *item)
 {
-    QUIC_CFQ_ITEM_EX *ex = (QUIC_CFQ_ITEM_EX *)item;
+    const QUIC_CFQ_ITEM_EX *ex = (const QUIC_CFQ_ITEM_EX *)item;
 
     return ex->encoded_len;
 }
 
 int ossl_quic_cfq_item_get_state(const QUIC_CFQ_ITEM *item)
 {
-    QUIC_CFQ_ITEM_EX *ex = (QUIC_CFQ_ITEM_EX *)item;
+    const QUIC_CFQ_ITEM_EX *ex = (const QUIC_CFQ_ITEM_EX *)item;
 
     return ex->state;
 }
 
 uint32_t ossl_quic_cfq_item_get_pn_space(const QUIC_CFQ_ITEM *item)
 {
-    QUIC_CFQ_ITEM_EX *ex = (QUIC_CFQ_ITEM_EX *)item;
+    const QUIC_CFQ_ITEM_EX *ex = (const QUIC_CFQ_ITEM_EX *)item;
 
     return ex->pn_space;
 }
 
 int ossl_quic_cfq_item_is_unreliable(const QUIC_CFQ_ITEM *item)
 {
-    QUIC_CFQ_ITEM_EX *ex = (QUIC_CFQ_ITEM_EX *)item;
+    const QUIC_CFQ_ITEM_EX *ex = (const QUIC_CFQ_ITEM_EX *)item;
 
     return (ex->flags & QUIC_CFQ_ITEM_FLAG_UNRELIABLE) != 0;
 }
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 1801ec7169859b023147cd41542b1aea2ee75c67..08874a6d4b8c742017ceb47f4efca864f01d2e94 100644 (file)
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -865,7 +865,7 @@ static int port_try_handle_stateless_reset(QUIC_PORT *port, const QUIC_URXE *e)
 
     for (i = 0;; ++i) {
         if (!ossl_quic_srtm_lookup(port->srtm,
-                (QUIC_STATELESS_RESET_TOKEN *)(data + e->data_len
+                (const QUIC_STATELESS_RESET_TOKEN *)(data + e->data_len
                     - sizeof(QUIC_STATELESS_RESET_TOKEN)),
                 i, &opaque, NULL))
             break;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 3d21801aa13a3a711d9e58b567e97087df048eb9..3bcf398ded9d904a105792636ed39eab04898e38 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -741,8 +741,8 @@ static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
     /* X509_NAME_cmp() itself casts away constness in this way, so
      * assume it's safe:
      */
-    alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
-    blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
+    alen = i2d_X509_NAME(a, &abuf);
+    blen = i2d_X509_NAME(b, &bbuf);
 
     if (alen < 0 || blen < 0)
         ret = -2;
@@ -765,7 +765,7 @@ static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
 static unsigned long xname_hash(const X509_NAME *a)
 {
     /* This returns 0 also if SHA1 is not available */
-    return X509_NAME_hash_ex((X509_NAME *)a, NULL, NULL, NULL);
+    return X509_NAME_hash_ex(a, NULL, NULL, NULL);
 }
 
 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 60bb051f26fd65a305885be6afac98c68bc94c39..ee657d601568e4eeb0859bd80b6a837f9574000b 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -8147,7 +8147,7 @@ int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
 
 EVP_PKEY *SSL_get0_peer_rpk(const SSL *s)
 {
-    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
 
     if (sc == NULL || sc->session == NULL)
         return NULL;
@@ -8156,7 +8156,7 @@ EVP_PKEY *SSL_get0_peer_rpk(const SSL *s)
 
 int SSL_get_negotiated_client_cert_type(const SSL *s)
 {
-    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
 
     if (sc == NULL)
         return 0;
@@ -8166,7 +8166,7 @@ int SSL_get_negotiated_client_cert_type(const SSL *s)
 
 int SSL_get_negotiated_server_cert_type(const SSL *s)
 {
-    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
 
     if (sc == NULL)
         return 0;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 3873a96d2186b999a664fd0bfe8506532ef0f530..fd37b6f67cf501830614864e8028b71044522106 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -61,7 +61,7 @@ void ssl_session_calculate_timeout(SSL_SESSION *ss)
 SSL_SESSION *SSL_get_session(const SSL *ssl)
 /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
 {
-    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
+    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
 
     if (sc == NULL)
         return NULL;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b868846bc7b6e95e6f556943ef7b931fbb4ea504..4f39cf7c4deef7732719eeac6d218d10e8eaf541 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -469,7 +469,7 @@ int tls1_export_keying_material(SSL_CONNECTION *s, unsigned char *out,
     if (val == NULL)
         goto ret;
     currentvalpos = 0;
-    memcpy(val + currentvalpos, (unsigned char *)label, llen);
+    memcpy(val + currentvalpos, label, llen);
     currentvalpos += llen;
     memcpy(val + currentvalpos, s->s3.client_random, SSL3_RANDOM_SIZE);
     currentvalpos += SSL3_RANDOM_SIZE;
Mirror of https://github.com/openssl/openssl.git