4 files changed, 24 insertions, 28 deletions

diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 746339bebd..08063d191b 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_alt.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: v3_alt.c,v 1.28 2018/05/18 19:34:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -69,8 +69,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
 
 const X509V3_EXT_METHOD v3_alt[] = {
         {
@@ -481,7 +481,7 @@ v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 
 GENERAL_NAME *
 a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
-    X509V3_CTX *ctx, int gen_type, char *value, int is_nc)
+    X509V3_CTX *ctx, int gen_type, const char *value, int is_nc)
 {
         char is_string = 0;
         GENERAL_NAME *gen = NULL;
@@ -553,8 +553,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
 
         if (is_string) {
                 if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
-                    !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
-                        strlen(value))) {
+                    !ASN1_STRING_set(gen->d.ia5, value, strlen(value))) {
                         X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
@@ -609,7 +608,7 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
 }
 
 static int
-do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
         char *objtmp = NULL, *p;
         int objlen;
@@ -638,7 +637,7 @@ do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
 }
 
 static int
-do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
         int ret;
         STACK_OF(CONF_VALUE) *sk;
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index bb06c18536..78ff19808b 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_conf.c,v 1.22 2018/05/13 17:49:02 tb Exp $ */
+/* $OpenBSD: v3_conf.c,v 1.23 2018/05/18 19:34:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -411,27 +411,23 @@ X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
 /* Config database functions */
 
 char *
-X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
 {
         if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
                 X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
                 return NULL;
         }
-        if (ctx->db_meth->get_string)
-                return ctx->db_meth->get_string(ctx->db, name, section);
-        return NULL;
+        return ctx->db_meth->get_string(ctx->db, name, section);
 }
 
 STACK_OF(CONF_VALUE) *
-X509V3_get_section(X509V3_CTX *ctx, char *section)
+X509V3_get_section(X509V3_CTX *ctx, const char *section)
 {
         if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
                 X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
                 return NULL;
         }
-        if (ctx->db_meth->get_section)
-                return ctx->db_meth->get_section(ctx->db, section);
-        return NULL;
+        return ctx->db_meth->get_section(ctx->db, section);
 }
 
 void
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index ff3b2c3e86..20af52141a 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_utl.c,v 1.28 2018/04/25 11:48:21 tb Exp $ */
+/* $OpenBSD: v3_utl.c,v 1.29 2018/05/18 19:34:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -140,7 +140,7 @@ X509V3_add_value_bool(const char *name, int asn1_bool,
 }
 
 int
-X509V3_add_value_bool_nf(char *name, int asn1_bool,
+X509V3_add_value_bool_nf(const char *name, int asn1_bool,
     STACK_OF(CONF_VALUE) **extlist)
 {
         if (asn1_bool)
@@ -246,7 +246,7 @@ X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
 }
 
 int
-X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
 {
         char *btmp;
 
@@ -271,7 +271,7 @@ err:
 }
 
 int
-X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
 {
         ASN1_INTEGER *itmp;
 
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index 0d636d7bf4..218c0cf391 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.26 2018/05/18 18:30:03 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.27 2018/05/18 19:34:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -686,7 +686,7 @@ extern const ASN1_ITEM POLICY_CONSTRAINTS_it;
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                                const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                               int gen_type, char *value, int is_nc);
+                               int gen_type, const char *value, int is_nc);
 
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
@@ -720,16 +720,17 @@ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
     const char *section, X509_CRL *crl);
 
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
                              STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
 #endif
 
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
+    const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
 void X509V3_string_free(X509V3_CTX *ctx, char *str);
 void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,