Add const to the 'name', 'value', and 'section' arguments of

X509V3_EXT_{,n}conf_nid(3), X509_EXT_{,n}conf(3)
X509V3{,_CRL,_REQ}_add_{,n}conf(3) as well as the get_string()
and get_section() members of X509_CONF_METHOD_st.

tested in a bulk build by sthen
ok jsing

2 files changed, 61 insertions, 48 deletions

diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 27e1bc9f57..bb06c18536 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_conf.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: v3_conf.c,v 1.22 2018/05/13 17:49:02 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -66,23 +66,27 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-    int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+    int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
     int crit, int type, X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static char *conf_lhash_get_string(void *db, const char *section,
+    const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
+    const char *section);
 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
     int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+    long *ext_len);
 
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
 X509_EXTENSION *
-X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
+X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+    const char *value)
 {
         int crit;
         int ext_type;
@@ -102,7 +106,8 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 X509_EXTENSION *
-X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
+X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+    const char *value)
 {
         int crit;
         int ext_type;
@@ -117,7 +122,8 @@ X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 static X509_EXTENSION *
-do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
+do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit,
+    const char *value)
 {
         const X509V3_EXT_METHOD *method;
         X509_EXTENSION *ext;
@@ -233,9 +239,9 @@ X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 
 /* Check the extension string for critical flag */
 static int
-v3_check_critical(char **value)
+v3_check_critical(const char **value)
 {
-        char *p = *value;
+        const char *p = *value;
 
         if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
                 return 0;
@@ -247,10 +253,10 @@ v3_check_critical(char **value)
 
 /* Check extension string for generic extension and return the type */
 static int
-v3_check_generic(char **value)
+v3_check_generic(const char **value)
 {
         int gen_type = 0;
-        char *p = *value;
+        const char *p = *value;
 
         if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
                 p += 4;
@@ -269,7 +275,7 @@ v3_check_generic(char **value)
 
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *
-v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
+v3_generic_extension(const char *ext, const char *value, int crit, int gen_type,
     X509V3_CTX *ctx)
 {
         unsigned char *ext_der = NULL;
@@ -318,7 +324,7 @@ err:
 }
 
 static unsigned char *
-generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
+generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len)
 {
         ASN1_TYPE *typ;
         unsigned char *ext_der = NULL;
@@ -336,7 +342,7 @@ generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
  */
 
 int
-X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
     STACK_OF(X509_EXTENSION) **sk)
 {
         X509_EXTENSION *ext;
@@ -360,7 +366,8 @@ X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
 /* Convenience functions to add extensions to a certificate, CRL and request */
 
 int
-X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
+X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+    X509 *cert)
 {
         STACK_OF(X509_EXTENSION) **sk = NULL;
 
@@ -372,7 +379,7 @@ X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
 /* Same as above but for a CRL */
 
 int
-X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
     X509_CRL *crl)
 {
         STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -385,7 +392,7 @@ X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 /* Add extensions to certificate request */
 
 int
-X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
     X509_REQ *req)
 {
         STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
@@ -446,13 +453,13 @@ X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
 }
 
 static char *
-nconf_get_string(void *db, char *section, char *value)
+nconf_get_string(void *db, const char *section, const char *value)
 {
         return NCONF_get_string(db, section, value);
 }
 
-static
-STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *
+nconf_get_section(void *db, const char *section)
 {
         return NCONF_get_section(db, section);
 }
@@ -485,8 +492,8 @@ X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
 /* Old conf compatibility functions */
 
 X509_EXTENSION *
-X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
-    char *value)
+X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name,
+    const char *value)
 {
         CONF ctmp;
 
@@ -498,7 +505,7 @@ X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
 /* char *value:  Value    */
 X509_EXTENSION *
 X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
-    char *value)
+    const char *value)
 {
         CONF ctmp;
 
@@ -507,13 +514,13 @@ X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
 }
 
 static char *
-conf_lhash_get_string(void *db, char *section, char *value)
+conf_lhash_get_string(void *db, const char *section, const char *value)
 {
         return CONF_get_string(db, section, value);
 }
 
 static STACK_OF(CONF_VALUE) *
-conf_lhash_get_section(void *db, char *section)
+conf_lhash_get_section(void *db, const char *section)
 {
         return CONF_get_section(db, section);
 }
@@ -533,8 +540,8 @@ X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
 }
 
 int
-X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
-    X509 *cert)
+X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+    const char *section, X509 *cert)
 {
         CONF ctmp;
 
@@ -546,7 +553,7 @@ X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
 
 int
 X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-    char *section, X509_CRL *crl)
+    const char *section, X509_CRL *crl)
 {
         CONF ctmp;
 
@@ -558,7 +565,7 @@ X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
 
 int
 X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-    char *section, X509_REQ *req)
+    const char *section, X509_REQ *req)
 {
         CONF ctmp;
 
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index 3efb4ef25d..429239424c 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.24 2018/05/13 15:03:01 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.25 2018/05/13 17:49:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -121,9 +121,9 @@ void *usr_data;	/* Any extension specific data */
 };
 
 typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
+char *(*get_string)(void *db, const char *section, const char *value);
+STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
+void (*free_string)(void *db, char *string);
 void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
 } X509V3_CONF_METHOD;
 
@@ -696,23 +696,29 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
                                   X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 void X509V3_conf_free(CONF_VALUE *val);
 
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+    const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+    const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+    STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+    X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+    X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+    X509_CRL *crl);
 
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                                    int ext_nid, char *value);
+    int ext_nid, const char *value);
 X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                                char *name, char *value);
+    const char *name, const char *value);
 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                        char *section, X509 *cert);
+    const char *section, X509 *cert);
 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                            char *section, X509_REQ *req);
+    const char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                            char *section, X509_CRL *crl);
+    const char *section, X509_CRL *crl);
 
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                              STACK_OF(CONF_VALUE) **extlist);