sprinkle some const over libssl

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

sprinkle some const over libssl

Theo Buehler-5
OpenSSL started adding const to functions all over the place. The patch
below makes all our libssl functions match theirs wrt const, except for
BIO_f_ssl(3). I plan to do this one in a later step as a reacharound
into libcrypto would about double the size of the diff.

This diff was put through an i386 bulk build by sthen (thanks!) and only
had minimal fallout which I'll deal with when committing this diff.

Index: lib/libssl/ssl.h
===================================================================
RCS file: /var/cvs/src/lib/libssl/ssl.h,v
retrieving revision 1.155
diff -u -p -r1.155 ssl.h
--- lib/libssl/ssl.h 11 Apr 2018 17:47:36 -0000 1.155
+++ lib/libssl/ssl.h 20 Apr 2018 14:25:04 -0000
@@ -727,10 +727,10 @@ void SSL_CTX_sess_set_remove_cb(SSL_CTX
 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
     SSL_SESSION *sess);
 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
-    int len, int *copy));
+    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
+    const unsigned char *data, int len, int *copy));
 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
-    unsigned char *Data, int len, int *copy);
+    const unsigned char *Data, int len, int *copy);
 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
     int type, int val));
 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
@@ -746,7 +746,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_
     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
     unsigned int *cookie_len));
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
     unsigned int cookie_len));
 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
     const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
@@ -1247,7 +1247,7 @@ const SSL_CIPHER *SSL_get_current_cipher
 const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
 const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
 int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
+const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
 uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
@@ -1279,7 +1279,7 @@ void SSL_set_verify(SSL *s, int mode,
     int (*callback)(int ok, X509_STORE_CTX *ctx));
 void SSL_set_verify_depth(SSL *s, int depth);
 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
 int SSL_use_certificate(SSL *ssl, X509 *x);
@@ -1457,12 +1457,12 @@ long SSL_get_default_timeout(const SSL *
 int SSL_library_init(void );
 
 char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
 
 SSL *SSL_dup(SSL *ssl);
 
 X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
 
 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
Index: lib/libssl/ssl_cert.c
===================================================================
RCS file: /var/cvs/src/lib/libssl/ssl_cert.c,v
retrieving revision 1.66
diff -u -p -r1.66 ssl_cert.c
--- lib/libssl/ssl_cert.c 12 Aug 2017 02:55:22 -0000 1.66
+++ lib/libssl/ssl_cert.c 20 Apr 2018 14:25:04 -0000
@@ -454,7 +454,7 @@ set_client_CA_list(STACK_OF(X509_NAME) *
 }
 
 STACK_OF(X509_NAME) *
-SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
 {
  int i;
  STACK_OF(X509_NAME) *ret;
Index: lib/libssl/ssl_ciph.c
===================================================================
RCS file: /var/cvs/src/lib/libssl/ssl_ciph.c,v
retrieving revision 1.98
diff -u -p -r1.98 ssl_ciph.c
--- lib/libssl/ssl_ciph.c 17 Mar 2018 14:40:45 -0000 1.98
+++ lib/libssl/ssl_ciph.c 20 Apr 2018 14:25:04 -0000
@@ -1674,7 +1674,7 @@ SSL_CIPHER_description(const SSL_CIPHER
  return (ret);
 }
 
-char *
+const char *
 SSL_CIPHER_get_version(const SSL_CIPHER *c)
 {
  if (c == NULL)
Index: lib/libssl/ssl_lib.c
===================================================================
RCS file: /var/cvs/src/lib/libssl/ssl_lib.c,v
retrieving revision 1.184
diff -u -p -r1.184 ssl_lib.c
--- lib/libssl/ssl_lib.c 14 Apr 2018 07:09:21 -0000 1.184
+++ lib/libssl/ssl_lib.c 20 Apr 2018 14:25:04 -0000
@@ -2654,7 +2654,7 @@ SSL_get_certificate(const SSL *s)
 
 /* Fix this function so that it takes an optional type parameter */
 EVP_PKEY *
-SSL_get_privatekey(SSL *s)
+SSL_get_privatekey(const SSL *s)
 {
  if (s->cert != NULL)
  return (s->cert->key->privatekey);
Index: lib/libssl/ssl_locl.h
===================================================================
RCS file: /var/cvs/src/lib/libssl/ssl_locl.h,v
retrieving revision 1.204
diff -u -p -r1.204 ssl_locl.h
--- lib/libssl/ssl_locl.h 7 Apr 2018 17:02:34 -0000 1.204
+++ lib/libssl/ssl_locl.h 20 Apr 2018 14:25:04 -0000
@@ -460,7 +460,7 @@ typedef struct ssl_ctx_internal_st {
  int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
  void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
  SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-    unsigned char *data, int len, int *copy);
+    const unsigned char *data, int len, int *copy);
 
  /* if defined, these override the X509_verify_cert() calls */
  int (*app_verify_callback)(X509_STORE_CTX *, void *);
@@ -474,7 +474,7 @@ typedef struct ssl_ctx_internal_st {
     unsigned int *cookie_len);
 
  /* verify cookie callback */
- int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+ int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
     unsigned int cookie_len);
 
  void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
Index: lib/libssl/ssl_rsa.c
===================================================================
RCS file: /var/cvs/src/lib/libssl/ssl_rsa.c,v
retrieving revision 1.28
diff -u -p -r1.28 ssl_rsa.c
--- lib/libssl/ssl_rsa.c 7 Feb 2017 02:08:38 -0000 1.28
+++ lib/libssl/ssl_rsa.c 20 Apr 2018 14:25:04 -0000
@@ -133,7 +133,7 @@ SSL_use_certificate_ASN1(SSL *ssl, const
  X509 *x;
  int ret;
 
- x = d2i_X509(NULL, &d,(long)len);
+ x = d2i_X509(NULL, &d, (long)len);
  if (x == NULL) {
  SSLerror(ssl, ERR_R_ASN1_LIB);
  return (0);
@@ -254,14 +254,12 @@ end:
 }
 
 int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
 {
  int ret;
- const unsigned char *p;
  RSA *rsa;
 
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
+ if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
  SSLerror(ssl, ERR_R_ASN1_LIB);
  return (0);
  }
@@ -332,11 +330,9 @@ int
 SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
 {
  int ret;
- const unsigned char *p;
  EVP_PKEY *pkey;
 
- p = d;
- if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
+ if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
  SSLerror(ssl, ERR_R_ASN1_LIB);
  return (0);
  }
@@ -465,7 +461,7 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ct
  X509 *x;
  int ret;
 
- x = d2i_X509(NULL, &d,(long)len);
+ x = d2i_X509(NULL, &d, (long)len);
  if (x == NULL) {
  SSLerrorx(ERR_R_ASN1_LIB);
  return (0);
@@ -547,11 +543,9 @@ int
 SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
 {
  int ret;
- const unsigned char *p;
  RSA *rsa;
 
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
+ if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
  SSLerrorx(ERR_R_ASN1_LIB);
  return (0);
  }
@@ -620,11 +614,9 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SS
     long len)
 {
  int ret;
- const unsigned char *p;
  EVP_PKEY *pkey;
 
- p = d;
- if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
+ if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
  SSLerrorx(ERR_R_ASN1_LIB);
  return (0);
  }
Index: lib/libssl/ssl_sess.c
===================================================================
RCS file: /var/cvs/src/lib/libssl/ssl_sess.c,v
retrieving revision 1.79
diff -u -p -r1.79 ssl_sess.c
--- lib/libssl/ssl_sess.c 20 Mar 2018 15:28:12 -0000 1.79
+++ lib/libssl/ssl_sess.c 20 Apr 2018 14:25:04 -0000
@@ -1092,13 +1092,13 @@ void
 
 void
 SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
-    unsigned char *data, int len, int *copy))
+    const unsigned char *data, int len, int *copy))
 {
  ctx->internal->get_session_cb = cb;
 }
 
 SSL_SESSION *
-(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
+(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data,
     int len, int *copy)
 {
  return ctx->internal->get_session_cb;
@@ -1158,7 +1158,7 @@ SSL_CTX_set_cookie_generate_cb(SSL_CTX *
 
 void
 SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
+    int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len))
 {
  ctx->internal->app_verify_cookie_cb = cb;
 }
Index: usr.bin/openssl/s_apps.h
===================================================================
RCS file: /var/cvs/src/usr.bin/openssl/s_apps.h,v
retrieving revision 1.4
diff -u -p -r1.4 s_apps.h
--- usr.bin/openssl/s_apps.h 30 Dec 2016 17:25:48 -0000 1.4
+++ usr.bin/openssl/s_apps.h 20 Apr 2018 14:25:04 -0000
@@ -147,5 +147,5 @@ void tlsext_cb(SSL *s, int client_server
 
 int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
     unsigned int *cookie_len);
-int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
     unsigned int cookie_len);
Index: usr.bin/openssl/s_cb.c
===================================================================
RCS file: /var/cvs/src/usr.bin/openssl/s_cb.c,v
retrieving revision 1.9
diff -u -p -r1.9 s_cb.c
--- usr.bin/openssl/s_cb.c 15 Jan 2018 11:02:07 -0000 1.9
+++ usr.bin/openssl/s_cb.c 20 Apr 2018 14:25:04 -0000
@@ -821,7 +821,8 @@ generate_cookie_callback(SSL * ssl, unsi
 }
 
 int
-verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int cookie_len)
+verify_cookie_callback(SSL * ssl, const unsigned char *cookie,
+    unsigned int cookie_len)
 {
  unsigned char *buffer, result[EVP_MAX_MD_SIZE];
  unsigned int length, resultlength;

Reply | Threaded
Open this post in threaded view
|

Re: sprinkle some const over libssl

Brent Cook
Nice to see the "const unsigned char *p = d;" hackery going away. ok bcook@

On Tue, Apr 24, 2018 at 2:50 PM, Theo Buehler <[hidden email]> wrote:

> OpenSSL started adding const to functions all over the place. The patch
> below makes all our libssl functions match theirs wrt const, except for
> BIO_f_ssl(3). I plan to do this one in a later step as a reacharound
> into libcrypto would about double the size of the diff.
>
> This diff was put through an i386 bulk build by sthen (thanks!) and only
> had minimal fallout which I'll deal with when committing this diff.
>
> Index: lib/libssl/ssl.h
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl.h,v
> retrieving revision 1.155
> diff -u -p -r1.155 ssl.h
> --- lib/libssl/ssl.h    11 Apr 2018 17:47:36 -0000      1.155
> +++ lib/libssl/ssl.h    20 Apr 2018 14:25:04 -0000
> @@ -727,10 +727,10 @@ void SSL_CTX_sess_set_remove_cb(SSL_CTX
>  void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
>      SSL_SESSION *sess);
>  void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
> -    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char
> *data,
> -    int len, int *copy));
> +    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
> +    const unsigned char *data, int len, int *copy));
>  SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
> -    unsigned char *Data, int len, int *copy);
> +    const unsigned char *Data, int len, int *copy);
>  void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
>      int type, int val));
>  void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
> @@ -746,7 +746,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_
>      int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
>      unsigned int *cookie_len));
>  void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
> -    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
> +    int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
>      unsigned int cookie_len));
>  void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL
> *ssl,
>      const unsigned char **out, unsigned int *outlen, void *arg), void
> *arg);
> @@ -1247,7 +1247,7 @@ const SSL_CIPHER *SSL_get_current_cipher
>  const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
>  const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
>  int    SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
> -char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
> +const char *   SSL_CIPHER_get_version(const SSL_CIPHER *c);
>  const char *   SSL_CIPHER_get_name(const SSL_CIPHER *c);
>  unsigned long  SSL_CIPHER_get_id(const SSL_CIPHER *c);
>  uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
> @@ -1279,7 +1279,7 @@ void      SSL_set_verify(SSL *s, int mode,
>             int (*callback)(int ok, X509_STORE_CTX *ctx));
>  void   SSL_set_verify_depth(SSL *s, int depth);
>  int    SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
> -int    SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
> +int    SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long
> len);
>  int    SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
>  int    SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
> long len);
>  int    SSL_use_certificate(SSL *ssl, X509 *x);
> @@ -1457,12 +1457,12 @@ long SSL_get_default_timeout(const SSL *
>  int SSL_library_init(void );
>
>  char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
> -STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
> +STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
>
>  SSL *SSL_dup(SSL *ssl);
>
>  X509 *SSL_get_certificate(const SSL *ssl);
> -/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
> +/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
>
>  void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
>  int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
> Index: lib/libssl/ssl_cert.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_cert.c,v
> retrieving revision 1.66
> diff -u -p -r1.66 ssl_cert.c
> --- lib/libssl/ssl_cert.c       12 Aug 2017 02:55:22 -0000      1.66
> +++ lib/libssl/ssl_cert.c       20 Apr 2018 14:25:04 -0000
> @@ -454,7 +454,7 @@ set_client_CA_list(STACK_OF(X509_NAME) *
>  }
>
>  STACK_OF(X509_NAME) *
> -SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
> +SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
>  {
>         int i;
>         STACK_OF(X509_NAME) *ret;
> Index: lib/libssl/ssl_ciph.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_ciph.c,v
> retrieving revision 1.98
> diff -u -p -r1.98 ssl_ciph.c
> --- lib/libssl/ssl_ciph.c       17 Mar 2018 14:40:45 -0000      1.98
> +++ lib/libssl/ssl_ciph.c       20 Apr 2018 14:25:04 -0000
> @@ -1674,7 +1674,7 @@ SSL_CIPHER_description(const SSL_CIPHER
>         return (ret);
>  }
>
> -char *
> +const char *
>  SSL_CIPHER_get_version(const SSL_CIPHER *c)
>  {
>         if (c == NULL)
> Index: lib/libssl/ssl_lib.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_lib.c,v
> retrieving revision 1.184
> diff -u -p -r1.184 ssl_lib.c
> --- lib/libssl/ssl_lib.c        14 Apr 2018 07:09:21 -0000      1.184
> +++ lib/libssl/ssl_lib.c        20 Apr 2018 14:25:04 -0000
> @@ -2654,7 +2654,7 @@ SSL_get_certificate(const SSL *s)
>
>  /* Fix this function so that it takes an optional type parameter */
>  EVP_PKEY *
> -SSL_get_privatekey(SSL *s)
> +SSL_get_privatekey(const SSL *s)
>  {
>         if (s->cert != NULL)
>                 return (s->cert->key->privatekey);
> Index: lib/libssl/ssl_locl.h
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_locl.h,v
> retrieving revision 1.204
> diff -u -p -r1.204 ssl_locl.h
> --- lib/libssl/ssl_locl.h       7 Apr 2018 17:02:34 -0000       1.204
> +++ lib/libssl/ssl_locl.h       20 Apr 2018 14:25:04 -0000
> @@ -460,7 +460,7 @@ typedef struct ssl_ctx_internal_st {
>         int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
>         void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION
> *sess);
>         SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
> -           unsigned char *data, int len, int *copy);
> +           const unsigned char *data, int len, int *copy);
>
>         /* if defined, these override the X509_verify_cert() calls */
>         int (*app_verify_callback)(X509_STORE_CTX *, void *);
> @@ -474,7 +474,7 @@ typedef struct ssl_ctx_internal_st {
>             unsigned int *cookie_len);
>
>         /* verify cookie callback */
> -       int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
> +       int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
>             unsigned int cookie_len);
>
>         void (*info_callback)(const SSL *ssl,int type,int val); /* used if
> SSL's info_callback is NULL */
> Index: lib/libssl/ssl_rsa.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_rsa.c,v
> retrieving revision 1.28
> diff -u -p -r1.28 ssl_rsa.c
> --- lib/libssl/ssl_rsa.c        7 Feb 2017 02:08:38 -0000       1.28
> +++ lib/libssl/ssl_rsa.c        20 Apr 2018 14:25:04 -0000
> @@ -133,7 +133,7 @@ SSL_use_certificate_ASN1(SSL *ssl, const
>         X509 *x;
>         int ret;
>
> -       x = d2i_X509(NULL, &d,(long)len);
> +       x = d2i_X509(NULL, &d, (long)len);
>         if (x == NULL) {
>                 SSLerror(ssl, ERR_R_ASN1_LIB);
>                 return (0);
> @@ -254,14 +254,12 @@ end:
>  }
>
>  int
> -SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
> +SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
>  {
>         int ret;
> -       const unsigned char *p;
>         RSA *rsa;
>
> -       p = d;
> -       if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
> +       if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
>                 SSLerror(ssl, ERR_R_ASN1_LIB);
>                 return (0);
>         }
> @@ -332,11 +330,9 @@ int
>  SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long
> len)
>  {
>         int ret;
> -       const unsigned char *p;
>         EVP_PKEY *pkey;
>
> -       p = d;
> -       if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
> +       if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
>                 SSLerror(ssl, ERR_R_ASN1_LIB);
>                 return (0);
>         }
> @@ -465,7 +461,7 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ct
>         X509 *x;
>         int ret;
>
> -       x = d2i_X509(NULL, &d,(long)len);
> +       x = d2i_X509(NULL, &d, (long)len);
>         if (x == NULL) {
>                 SSLerrorx(ERR_R_ASN1_LIB);
>                 return (0);
> @@ -547,11 +543,9 @@ int
>  SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
> long len)
>  {
>         int ret;
> -       const unsigned char *p;
>         RSA *rsa;
>
> -       p = d;
> -       if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
> +       if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
>                 SSLerrorx(ERR_R_ASN1_LIB);
>                 return (0);
>         }
> @@ -620,11 +614,9 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SS
>      long len)
>  {
>         int ret;
> -       const unsigned char *p;
>         EVP_PKEY *pkey;
>
> -       p = d;
> -       if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
> +       if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
>                 SSLerrorx(ERR_R_ASN1_LIB);
>                 return (0);
>         }
> Index: lib/libssl/ssl_sess.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/ssl_sess.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 ssl_sess.c
> --- lib/libssl/ssl_sess.c       20 Mar 2018 15:28:12 -0000      1.79
> +++ lib/libssl/ssl_sess.c       20 Apr 2018 14:25:04 -0000
> @@ -1092,13 +1092,13 @@ void
>
>  void
>  SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st
> *ssl,
> -    unsigned char *data, int len, int *copy))
> +    const unsigned char *data, int len, int *copy))
>  {
>         ctx->internal->get_session_cb = cb;
>  }
>
>  SSL_SESSION *
> -(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
> +(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char
> *data,
>      int len, int *copy)
>  {
>         return ctx->internal->get_session_cb;
> @@ -1158,7 +1158,7 @@ SSL_CTX_set_cookie_generate_cb(SSL_CTX *
>
>  void
>  SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
> -    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
> +    int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int
> cookie_len))
>  {
>         ctx->internal->app_verify_cookie_cb = cb;
>  }
> Index: usr.bin/openssl/s_apps.h
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/openssl/s_apps.h,v
> retrieving revision 1.4
> diff -u -p -r1.4 s_apps.h
> --- usr.bin/openssl/s_apps.h    30 Dec 2016 17:25:48 -0000      1.4
> +++ usr.bin/openssl/s_apps.h    20 Apr 2018 14:25:04 -0000
> @@ -147,5 +147,5 @@ void tlsext_cb(SSL *s, int client_server
>
>  int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
>      unsigned int *cookie_len);
> -int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
> +int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
>      unsigned int cookie_len);
> Index: usr.bin/openssl/s_cb.c
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/openssl/s_cb.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 s_cb.c
> --- usr.bin/openssl/s_cb.c      15 Jan 2018 11:02:07 -0000      1.9
> +++ usr.bin/openssl/s_cb.c      20 Apr 2018 14:25:04 -0000
> @@ -821,7 +821,8 @@ generate_cookie_callback(SSL * ssl, unsi
>  }
>
>  int
> -verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int
> cookie_len)
> +verify_cookie_callback(SSL * ssl, const unsigned char *cookie,
> +    unsigned int cookie_len)
>  {
>         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
>         unsigned int length, resultlength;
>