7 files changed, 30 insertions, 38 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 143dd8a003..f996af188f 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.155 2018/04/11 17:47:36 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.156 2018/04/25 07:10:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -727,10 +727,10 @@ void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
    SSL_SESSION *sess);
 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-    int len, int *copy));
+    const unsigned char *data, int len, int *copy));
 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
-    unsigned char *Data, int len, int *copy);
+    const unsigned char *Data, int len, int *copy);
 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
    int type, int val));
 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
@@ -746,7 +746,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
    unsigned int *cookie_len));
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
    unsigned int cookie_len));
 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
@@ -1247,7 +1247,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
 const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
 const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
 int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
+const char *    SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
 uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
@@ -1279,7 +1279,7 @@ void	SSL_set_verify(SSL *s, int mode,
            int (*callback)(int ok, X509_STORE_CTX *ctx));
 void    SSL_set_verify_depth(SSL *s, int depth);
 int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
 int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int     SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
 int     SSL_use_certificate(SSL *ssl, X509 *x);
@@ -1457,12 +1457,12 @@ long SSL_get_default_timeout(const SSL *s);
 int SSL_library_init(void );
 char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
 SSL *SSL_dup(SSL *ssl);
 X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index a244353b88..a01f484578 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.66 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.67 2018/04/25 07:10:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -454,7 +454,7 @@ set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
 }
 STACK_OF(X509_NAME) *
-SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
 {
        int i;
        STACK_OF(X509_NAME) *ret;
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 271d77f38b..cd0e9b0ad6 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.98 2018/03/17 14:40:45 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.99 2018/04/25 07:10:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1674,7 +1674,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        return (ret);
 }
-char *
+const char *
 SSL_CIPHER_get_version(const SSL_CIPHER *c)
 {
        if (c == NULL)
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 5cae53041d..4f1eb5bf0a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.184 2018/04/14 07:09:21 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.185 2018/04/25 07:10:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2654,7 +2654,7 @@ SSL_get_certificate(const SSL *s)
 /* Fix this function so that it takes an optional type parameter */
 EVP_PKEY *
-SSL_get_privatekey(SSL *s)
+SSL_get_privatekey(const SSL *s)
 {
        if (s->cert != NULL)
                return (s->cert->key->privatekey);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 1677377c64..696ffc44b9 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.204 2018/04/07 17:02:34 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.205 2018/04/25 07:10:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -460,7 +460,7 @@ typedef struct ssl_ctx_internal_st {
        int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
        void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
        SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-            unsigned char *data, int len, int *copy);
+            const unsigned char *data, int len, int *copy);
        /* if defined, these override the X509_verify_cert() calls */
        int (*app_verify_callback)(X509_STORE_CTX *, void *);
@@ -474,7 +474,7 @@ typedef struct ssl_ctx_internal_st {
            unsigned int *cookie_len);
        /* verify cookie callback */
-        int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+        int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
            unsigned int cookie_len);
        void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index e99ce1e3ae..631aaa5077 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.28 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.29 2018/04/25 07:10:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -133,7 +133,7 @@ SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
        X509 *x;
        int ret;
-        x = d2i_X509(NULL, &d,(long)len);
+        x = d2i_X509(NULL, &d, (long)len);
        if (x == NULL) {
                SSLerror(ssl, ERR_R_ASN1_LIB);
                return (0);
@@ -254,14 +254,12 @@ end:
 }
 int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
 {
        int ret;
-        const unsigned char *p;
        RSA *rsa;
-        p = d;
+        if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
-        if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
                SSLerror(ssl, ERR_R_ASN1_LIB);
                return (0);
        }
@@ -332,11 +330,9 @@ int
 SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
 {
        int ret;
-        const unsigned char *p;
        EVP_PKEY *pkey;
-        p = d;
+        if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
-        if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
                SSLerror(ssl, ERR_R_ASN1_LIB);
                return (0);
        }
@@ -465,7 +461,7 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
        X509 *x;
        int ret;
-        x = d2i_X509(NULL, &d,(long)len);
+        x = d2i_X509(NULL, &d, (long)len);
        if (x == NULL) {
                SSLerrorx(ERR_R_ASN1_LIB);
                return (0);
@@ -547,11 +543,9 @@ int
 SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
 {
        int ret;
-        const unsigned char *p;
        RSA *rsa;
-        p = d;
+        if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
-        if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
                SSLerrorx(ERR_R_ASN1_LIB);
                return (0);
        }
@@ -620,11 +614,9 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
    long len)
 {
        int ret;
-        const unsigned char *p;
        EVP_PKEY *pkey;
-        p = d;
+        if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
-        if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
                SSLerrorx(ERR_R_ASN1_LIB);
                return (0);
        }
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index b3ee7ef430..8ebeb273fe 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.79 2018/03/20 15:28:12 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.80 2018/04/25 07:10:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1092,13 +1092,13 @@ void
 void
 SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
-    unsigned char *data, int len, int *copy))
+    const unsigned char *data, int len, int *copy))
 {
        ctx->internal->get_session_cb = cb;
 }
 SSL_SESSION *
-(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
+(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data,
    int len, int *copy)
 {
        return ctx->internal->get_session_cb;
@@ -1158,7 +1158,7 @@ SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
 void
 SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
+    int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len))
 {
        ctx->internal->app_verify_cookie_cb = cb;
 }