Partially revert "Constify X509_STORE_CTX functions invoving X509 *"

This reverts constification of the return value types
of X509_STORE_CTX_get_current_cert(), X509_STORE_CTX_get0_current_issuer(),
X509_STORE_CTX_get0_cert() functions, and arguments
of X509_STORE_CTX_set_cert() and X509_STORE_CTX_init() functions.
Constification of users of these functions, as well as
X509_STORE_CTX_get_issuer_fn and X509_STORE_CTX_check_issued_fn types,
remained in place.

Complements: e5b563366b00 "Constify X509_STORE_CTX functions invoving X509 *"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Fri Mar  6 18:33:12 2026
(Merged from https://github.com/openssl/openssl/pull/30272)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 99d68b32b477709504e9b6f6b7a2525830159ff7..9b92f2ac2b6f7d5746b61b55f0ef5f53d1c7a5ae 100644 (file)
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -391,8 +391,7 @@ int ossl_x509_print_ex_brief(BIO *bio, const X509 *cert, unsigned long neg_cflag
     if (BIO_printf(bio, "    certificate\n") <= 0
         || !X509_print_ex(bio, cert, flags, ~X509_FLAG_NO_SUBJECT))
         goto err;
-    /* XXX casts away const - remove cast once #30067 lands */
-    if (X509_check_issued((X509 *)cert, (X509 *)cert) == X509_V_OK) {
+    if (X509_check_issued(cert, cert) == X509_V_OK) {
         if (BIO_printf(bio, "        self-issued\n") <= 0)
             goto err;
     } else {

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c5428dc15d8ac9a51439fbfce185fed100fc7efd..8d93eca93561c10462b79ee4fd8cdbc41beba119 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -493,8 +493,7 @@ end:
 /* Check that the given certificate |x| is issued by the certificate |issuer| */
 static int check_issued(ossl_unused X509_STORE_CTX *ctx, const X509 *x, const X509 *issuer)
 {
-    /* XXX casts away const, remove cast when #30067 lands */
-    int err = ossl_x509_likely_issued((X509 *)issuer, (X509 *)x);
+    int err = ossl_x509_likely_issued(issuer, x);
 
     if (err == X509_V_OK)
         return 1;
@@ -2693,7 +2692,7 @@ void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth)
     ctx->error_depth = depth;
 }
 
-const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx)
+X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx)
 {
     return ctx->current_cert;
 }
@@ -2715,7 +2714,7 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx)
     return X509_chain_up_ref(ctx->chain);
 }
 
-const X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx)
+X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx)
 {
     return ctx->current_issuer;
 }
@@ -2730,10 +2729,9 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx)
     return ctx->parent;
 }
 
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *x)
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
 {
-    /* XXX casts away const - fix by making ctx->cert const */
-    ctx->cert = (X509 *)x;
+    ctx->cert = x;
 }
 
 void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *rpk)
@@ -3075,7 +3073,7 @@ void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
     ctx->current_reasons = current_reasons;
 }
 
-const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx)
+X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx)
 {
     return ctx->cert;
 }

diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod
index dae6fa7d032b36b272e9bb6eb2e57769a55a5843..e1c7ae734cb0ac7b80724b662dcdf17c967de98c 100644 (file)
--- a/doc/man3/X509_STORE_CTX_get_error.pod
+++ b/doc/man3/X509_STORE_CTX_get_error.pod
@@ -18,9 +18,9 @@ information
  void  X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
  int   X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
  void  X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
- const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
+ X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
  void  X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
- const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+ X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
  STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
  X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx);
 

diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
index fb34afdb1eb6958e9e07049ba2dfb0dde1e231fb..143438655efd8628dca8174cbf406cc7c8b9ccc3 100644 (file)
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod
@@ -32,13 +32,13 @@ X509_STORE_CTX_purpose_inherit
  void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 
  int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
-                         const X509 *target, STACK_OF(X509) *untrusted);
+                         X509 *target, STACK_OF(X509) *untrusted);
  int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
                              EVP_PKEY *rpk);
 
  void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 
- void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *target);
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
  void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
  void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 

diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in
index 575299c91d2a4bde69cc648dab4f253d101dd831..3d1fe26e0f74bc086868c2ec54a2c29b1d323da6 100644 (file)
--- a/include/openssl/x509_vfy.h.in
+++ b/include/openssl/x509_vfy.h.in
@@ -505,7 +505,7 @@ void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
-const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
 EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
@@ -688,14 +688,14 @@ int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
 int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
-const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
-const X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx);
 X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx);
 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *target);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
 void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);